The European Commission has amended the law on the protection of personal data. The Commission believes that priority tasks are the standardization of data defence systems over the entire European territory, the widening of data subject law, the toughening of punishment for unauthorised use of data. Among the amendments is a series of proposals for the protection of children during the use of internet resources. By the end of 2012, the Commission expects the approval of the legal project by European states. In the event of a positive outcome, the updated law will already take effect in 2013.
The changes in the law have touched on practically all active conditions: legal responsibility, rights and responsibilities of subjects and operators of personal data, processing technologies, defence of personal data etc.
One of the positive changes was the change in the confidential data storage procedure. Rather than spending resources on the performance of regulatory functions during data registration, operators must present proof of their compliance with data defence policy in accordance with the requests of the controlling authorities, as well as reporting on the time of data storage, deletion and other data operations.
Operators of personal data must receive permission for data processing. However, even permission is not a reliable basis, if there is a “significant discrepancy between the subject of the data and the operator, taking a form of dependence.” A good example of this could be an agreement between an employer and their employee on the processing of personal data.
Aside from the introduction of amendments, the working group wrote completely new points in the legal aspect of personal data of subjects: the right to be “forgotten”, the right to “mobility”, and confidentiality of the Internet Profile. The right to “be forgotten” guarantees users of social media sites the possibility to irreversibly delete data about themselves, the right to “mobility” allows the transfer of one’s own data from one internet provider to another (for example, the transfer of e-mail address from Hotmail to Gmail does not result in the multiplication of confidential information of the citizen). The right to confidentiality of an internet profile forbids organisations from analysing the accounts of citizens by using automatic processing.
The law on the protection of personal data will be active not only on the territory of the EU, but also outside it, if a personal data operator owns personal information on a citizen of the European Union. In the case when the operator is based outside EU, they must designate a representative in Europe. In the case of unlawful actions of the operator, the controlling authorities can designate a fine in the form of 1% to 5% of the turnover of the organization, operating personal data.
