can data protection regulation ever keep pace with technological change? jonathan bamford assistant...
TRANSCRIPT
![Page 1: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/1.jpg)
Can data protection regulation ever keep pace with
technological change?
Jonathan Bamford
Assistant Information Commissioner
![Page 2: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/2.jpg)
Are our DP laws stuck in time?
• OECD Privacy Guidelines 1980
• Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108) 28 January 1981 & Protocol (ETS No 181)
• What did information handling look like back then?− PC’s…Internet…mobile communications…CCTV…
RFID?
![Page 3: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/3.jpg)
Are our DP laws stuck in time?
• UK Data Protection Act 1984
• European Union Directive 95/46/EC
• UK Data Protection Act 1998
• Even since then there has been substantial changes in personal information handling
![Page 4: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/4.jpg)
All have a similar set of core standards
UK DPA 1998 requires personal data to be− processed fairly and lawfully− obtained only for specified and lawful purposes and further
processed only in a compatible manner− adequate, relevant and not excessive− accurate and up to date− kept for no longer than necessary− processed in accordance with the rights of data subjects− kept secure− transferred outside the EEA only if there is adequate
protection
![Page 5: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/5.jpg)
Are these standards still relevant today?
• ICO Research 2004-“Public attitudes to deployment of surveillance techniques in public places”− Chose privacy rules almost same as the DP
Principles
• IC commissioned research with Small and Medium Sized Enterprises in 2004− 73% think DP principles are good for business− 91% agree that privacy is important to customers
![Page 6: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/6.jpg)
Moves to particularise
• European Union Directive on Privacy and Electronic Communications- 02/58/EC
• UK Privacy and Electronic Communication Regulations
![Page 7: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/7.jpg)
Constitutionalisation of DP
• Articles 7 & 8 – Charter of Fundamental Rights of the European Union – Nice, 7 December 2000
• Proposed EU Constitution
![Page 8: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/8.jpg)
Areas of wear and tear
• Definitions- personal data, transfers, personal use- arsing from Durant and Bodil Lindqvist cases
• Better regulatory powers to deal with telemarketing/spam
• Need for proactive tools such as audit/inspection and privacy impact assessments
![Page 9: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/9.jpg)
The challenge for DP regulators
• Make sure the existing requirements are understood (lessons of ICO ‘Make Data Protection Simpler’ project)
• Work together to clarify and enforce
• Be proactive
• Make sure we have the right tools for the job
![Page 10: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/10.jpg)
Conclusions
• The core of the existing law is still relevant and effective
• Some of the defining terms are struggling to keep pace
• Better tools are needed to deliver compliance
![Page 11: Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner](https://reader036.vdocuments.us/reader036/viewer/2022082604/5515f66b55034694308b4720/html5/thumbnails/11.jpg)
Any Questions?
Information CommissionerWycliffe HouseWater Lane WilmslowSK9 5AFUnited Kingdom
Switchboard. 01625 545 700Helpline. 01625 545 745
Email. [email protected]
www.informationcommissioner.gov.uk