Currently binding Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data celebrates its 20 birthday. Let’s imagine, how during last 20 years our lifestyle has changed. Today we have full of doubts, when we entrance fitness club thanks to fingerprint scanning. Then, after that without any resistance, we take selfie and share it with our friends. It is hard to believe but two decades ago there was no social media! Therefore questions about the future of personal data protection are valid as never before. The EU tries to face new challenges and work on new legal act on personal data protection – regulation, which would replace directive mentioned above. But it’s too early to celebrate success.
What is worth supporting
‘Google case’ (https://europensblog.wordpress.com/2014/05/19/right-to-be-forgotten-google-case/) showed how works differentiate between two legal orders. Certainly, from legal point of view it is clear why judgment of the Court of Justice of the European Union is binding only for EU member states. However, Google’s position, expressed outright, that ‘right to be forgotten’ may be enjoyed only by some of Europeans, not by clients living in the USA, arouses disgust. Despite the EU can’t improve their situation, it may do it with ours. Project of new regulation assumes, that even if company is registered in the third state it has to act in compliance with EU law, if its processing activities are related to the offering of goods or services to such data subjects in the EU. As a results, protection of our data will be strengthened. Moreover, regulation contains new terms, such as ‘biometric data’ and also refers to children’s personal data protection.
What is criticized
Skeptics remind us, that work on content of regulation lasts too long – 3 years. During this time, draft was changed many times and lost its original character. There were arguments between EU member states, EU institutions, which take part in legislative procedures, between NGO’s in member states, etc. It is said that Council of the EU’s amendments lead to weaken standards of protection, especially ‘sacred’ principles connected with purposes of processing and individual’s consent for processing.
People awareness and their freely, explicit consent for processing is, in opinion of a lot of NGOs focused on right to privacy , the key point of all personal data protection issues. In addition, some of them are against solutions which would empower entrepreneurs through liberalization of new law. According to NGOs, it creates a risk of abuse and increase of disparities between company and natural person. On the other side, we can’t ignore entrepreneurs’ reasons – their claim that reduction of formalities is needed in order to accomplish functioning of the EU’s single market.
Is it really the future?
Despite some advantages and disadvantages mentioned above, the question is, whether this is a real reform or rather just an introduction of a few changes. European Commission at the very beginning in 2012, sought to propose legal act, which would be an answer to current problems with personal data protection. Now there are doubts, not only if planned changes are revolutionary, but also if they would have adverse effects and weaken relatively high, in contrast to the USA, European standards of protection. It is uncertain, how long will we have to wait for entering into force new regulation and which other, now unfamiliar problematic issues will arise.