Two years later, the EU is still debating new data protection laws

Two years later, the EU is still debating new data protection laws

By Will Goodbody, Science & Technology Correspondent


Happy Data Protection Day! Yes, today is the 8th Council of Europe Data Protection Day. The anniversary of the opening for signature of the Council of Europe’s 1981 Data Protection Convention, which Ireland signed in 1986. A day for celebration, for sure. Or is it?

Well on some levels, perhaps yes. We are fortunate to have a data protection framework at national and European level to enshrine our privacy rights in law. Fortunate too to have a body, in the Office of the Data Protection Commissioner, whose job it is to ensure that those rights are upheld and protected.

But the last few months and years have taught us much about privacy, particularly online privacy. And it hasn’t been a pleasant lesson. We’ve had several high profile significant data breaches, like for example at Loyalty Build last year. We’ve had to endure the growing trend of online, text and cold-calling spam, despite all the protections in place.

We’ve had international scandals, involving state run intelligence agencies like the NSA riding roughshod through privacy protections we all thought were in place to guard our data held by the biggest internet companies in the world.

And here at home we’ve even had a string of public bodies admonished for not putting appropriate data protection protocols and oversight in place. Just today, the Data Protection Commissioner publicly rebuked (not for the first time) the Department of Social Protection, saying he was “entirely unsatisfied” with their attitude towards privacy.

What’s very clear is that keeping our personal data safe is going to become more and more difficult, as our lives move further and further online. The only way to tackle that steady encroachment is with education, modern but reasonable fit-for-purpose data protection laws and a robust system of enforcement at every level.

It is against that background that it is somewhat hard to believe that two years after it proposed a major reform of EU data protection rules, the European Commission has yet to conclude a new deal. In fact, latest reports suggest it is a long way off being concluded and it will probably take until the end of this year. With a two year implementation phase, it will be at least 2017 before it bears fruit. Can you imagine how far the online world will have moved on by then, who will be collecting our data, and what they will be doing with it?

The old EU privacy regulations are over 20 years old and although they were designed for 1990s technology, have stood the test of time well, because they were well thought out. And devising new, enduring, well thought out legislation does take time. The new proposals carry many beneficial features, which will provide a strong privacy framework for the future – provided they aren’t watered down through a combination of political bickering and commercial lobbying.

But the lifeblood of the modern internet economy is trust. Without it, e-commerce is nothing. People here in Ireland may be becoming more accepting that the benefits of the web are accompanied by an inevitable reduction in privacy. But when it comes to their private information, most people have a red line beyond which they are not willing to let the state and companies go. And without strong modern rules, data protection authorities are left to defend that red line on our behalf with one arm tied behind their backs.

So while celebrating Happy Data Protection Day, and blowing out the candles, let’s make a wish that a new strong and well thought out EU privacy framework comes soon, before really significant irreparable damage is done.