Hasn’t it been a busy week in Europe? The regulators seems to be falling over one another in a race to the top of privacy regulation. Targeted are web browsers and ‘do-not-track’ mechanisms, children’s internet privacy, banks, and the U.S.’s request for passenger data.
The European Commissioner Nellie Kroes came close to threatening the advertising industry when speaking at a recent workshop in Brussels. The EU is picking up the baton from the U.S. Federal Trade Commission in calling for a ‘Do Not Track’ standard to be in place by June of 2012. For those web browsers who either run or businesses who honour do-not-track, Commissioner Kroes says, “But this is not enough. Citizens need to be sure what exactly companies commit to if they say they honour do not track. … If I don’t see a speedy and satisfactory development, I will not hesitate to employ all available means to ensure our citizens’ right to privacy.”
Commissioner Kroes was also recently “disappointed” by the findings of a study by the European Commission (EC) on how social networking sites treat children. The study found that out of 14 social networking sites, only two had default settings that limited access to the approved contacts of children. The European Commission is consulting with social networking sites about rules governing the on-line privacy of children, and Commissioner Kroes will be urging sites to “make a clear commitment to remedy [their default settings] in a revised version of the self-regulatory framework” being discussed. Based on the results of the study, social networks will need to do more to protect children’s privacy.
As if banks don’t have enough on their regulatory plates, the EU Justice Commissioner Viviane Reding recently announced that banks will be required to disclose serious data protection breaches. While Commissioner Reding acknowledged that feedback from the banking
sector indicated a concern with mandatory data breach notifications adding to their administrative burden, she say the burden “is entirely proportionate and would enhance consumers’ confidence in data security and oversight.”
The EC and the U.S. have been renegotiating the agreement on the transfer of passenger name record data (PNR) to the U.S. This week a leaked report showed that the EC’s legal counsel opined that the proposed agreement which would allow the storage and retention of PNR for 15 years, which is four times longer than the present agreement, is unlawful, and “grave doubts” were expressed about the agreement’s compliance with EU data protection laws, notwithstanding an acknowledgement that the PNR aids in the fight against international terrorism. The new agreement will need the approval of the European Parliament, but a German Minister of the European Parliament has concerns about whether the agreement will pass through the Parliament despite the legal advice and would prefer the parties go “back to the drawing board” to ensure that any new agreement is compliant with EU data protection law.