Today is Data Privacy Day, an international holiday that marks the 32nd anniversary of the signing of the Council of Europe’s Data Protection Convention 108. Data Privacy Day, which is celebrated all over Europe, Canada, and the US, recognises our fundamental right under human rights law and the importance of privacy to the maintenance of democratic societies, the advancement of human dignity, and the flourishing of other rights such as freedom of expression and association.
In today’s world of ubiquitous technology, where information is collected, transferred, bought, sold, and stored with increasingly rapid speeds and at decreasing prices, it’s never been more important to protect privacy. Every day companies collect a wealth of information about our internet use–what we search for, things we post and like on social networks, even the content of our emails. Companies then use this “digital footprint” to make a substantial profit guessing who we are–or at least, who they think we are. These details are stored in dozens of databases, often without your knowledge, consent, or control as to what they may be used for, by whom, for what reason, and for how long.
Alarmingly, this data collection happens all the time, not just when you’re online. When you make a phone call or text someone in Europe, that information is stored by your telco for 2-5 years. In many cities, Closed Circuit Television (CCTV) cameras are everywhere, recording snippets of our days: the UK has 1.85 million CCTVs, or one for every 32 British citizens. And soon, many of these CCTVs will integrate facial-recognition technology. With security concerns on the rise at airports, passengers are sometimes asked to submit to a full body scan before boarding a plane. As the “internet of things” becomes reality, and more and more objects are connected to the internet, the amount of our personal data that is collected, categorised, and stored will only increase.
In response, the European Commission has introduced a proposal that would update and strengthen laws protecting the privacy of European citizens. The proposed General Data Protection Regulation, or GDPR, seeks to strengthen individual rights by providing you with greater control over you personal information, including the ability to give explicit consent over the use of your data, and greater awareness about happens to your data when it’s collected by companies and public bodies. The GDPR will also mandate greater transparency and accountability by those handling data (so-called “data controllers”).
Access sees the proposed Regulation as a landmark initiative, and one that must strive to set the highest standard of protection. The EU has consistently served as an international standard-setter on privacy issues in the face of the rapid advancement of the information society. Many countries, including some developing nations, have incorporated the work of the European Union in developing their own data protection frameworks. The GDPR provides yet another opportunity for the EU to model strong protections.
However, the Regulation is currently under attack by big technology companies (a longer list, compiled by the Swedish Pirate Party, can be found here) and the US government. A small army of big corporate players, often hidden behind industry associations, have attempted to substantially weaken the Regulation in their discussions with Members of the European Parliament.
That’s why last week at the Computers, Privacy and Data Protection (CPDP) conference in Brussels, the Brussels Privacy Declaration was launched. The statement–promoted by Bits of Freedom, European Digital Rights, and Privacy International–calls on the Members of the European Parliament and all governments of the European Union to defend and strengthen our fundamental right to privacy. (Access is a proud signatory to the statement, and strongly endorses its message. Other groups and individuals that wish to sign may do so by sharing their name, country, and profession or affiliation with the statement organizers, at firstname.lastname@example.org.)
So what’s next for privacy in Europe? Right now, the European Parliament is developing its official position on the proposed Regulation, led by the Civil Liberties Committee (LIBE). The LIBE opinion is expected to be formalized in April 2013, and will be followed by negotiations with the European Council (the representation of the Member States). For the proposed GDPR text to become law, both the Parliament and the Council need to come to common agreement–likely just ahead of the 2014 European Parliamentary elections. If this is successful, the actual implementation of the Regulation would happen roughly two years from that date–giving us a lot to celebrate on Data Privacy Day 2016.
The European Union has a real opportunity to protect the fundamental rights of its citizens, and to continue its leading role as a standard-setting body for the protection of privacy worldwide. Let’s not let corporations push them around and hinder our ability to control our personal information. You can check out more of Access’ work on the Data Protection Reform initiative, and if you’re in Europe, take the opportunity to send a message to your MEP asking them where they stand on protecting your privacy.
Here’s wishing you a happy, empowered–and un-surveilled–Data Privacy Day!