Search CMOR.ORG

Lost Password?

Site Map

 
International News Update  
CMOR ::: >  

The Latest EU Initiatives on Data Protection and Privacy
By Kathy Joe (ESOMAR) and Pauline Weinzierl (APCO)
September 2007

The following is an update provided courtesy of the World Industry Network (WIN). WIN is an initiative CMOR is a part of which is an agenda setting forum for global leaders in the research industry. It is also a communication platform to inform and update associations, aligning and involving them in industry projects.

Regular international meetings are organized to discuss trends and critical issues and to develop collective responses and plans for action .

Promoting Privacy Enhancing Technologies (PETs)

The European Commission recently underlined its aim to promote Privacy Enhancing Technologies (PETs) to strengthen online privacy protection. The aim is to build trust in Internet transactions as consumers’ fears grow about identity theft, discriminatory profiling, data privacy breaches, surveillance and fraud. PETs should support basic data privacy principles for instance:

  • Processes that automatically anonymize data to support the principle that data are kept in an identifiable form for no longer than is necessary to fulfill the purpose for which they were originally collected.
  • Encryption tools to prevent personal data being hacked when it is transmitted over the Internet, in line with the data controller's obligation to take appropriate measures to protect personal data against unlawful processing.
  • Cookie cutters: software to prevent cookies being placed on computers and collecting information without the users’ knowledge. A key data principle is that data must be processed fairly and lawfully, and that the data subject must be informed about the processing going on.
  • The Platform for Privacy Preferences (P3P): allowing Internet users to check website privacy policies to see if they conform with the information that they wish to release. This helps to ensure that data subjects' consent to processing of their data is informed.

The Commission plans to raise consumer awareness and will investigate the feasibility of an EU privacy seal system to help people recognise products and services that provide better data privacy protection by incorporating PETs.

Next steps: Research companies involved in online research should review whether their privacy policies fulfil the requirements for PETs.

Children’s privacy issues

The Commission has launched a public consultation to identify how to make online and communication technologies safer, particularly for children, so it can decide whether to propose an initiative to follow up the Safer Internet plus programme that ends in 2008. The consultation which focuses on illegal and harmful content, user-generated content and on-line communications ended on 7 June.

Next steps: A draft opinion will be issued in the next month or two and research associations should monitor developments as it could impact children’s research.

Definition of personal data

The Data Protection Article 29 Group is reviewing how to define ‘personal data’ to prevent the Data Protection Directive being interpreted in different ways. It had planned to adopt an Opinion in April but as national delegations could not agree, this should be adopted at a meeting on 19 to 20 June. The review was triggered by the UK Information Commissioner after a 2003 UK court ruling which gave personal data a limited definition.

Next steps: Associations to monitor this as could have an impact for market research.

Data Protection focuses on national implementation

A recent European Commission report on implementing and enforcing the Data Protection Directive concluded that the Directive has broadly achieved its aim of ensuring harmonized privacy protection, making it easier to move personal data around the EU. It also points out that this goal has still to be fully realized because the Directive was introduced later than foreseen in some countries and the way it has been translated into national law varies from country to country.

Next steps: No major changes are currently planned that would impact the market research industry.

Applicable law

In converting the Treaty of Rome into EU law, the Commission published a proposed law at the end of 2005 which applies to contractual obligations. An amended version was due to be discussed by the Council and Parliament in May. The proposed law which relates to contracts between consumers and service providers, states that both parties are free to choose which law will apply to their contract if there is a dispute but if no choice is made, the law of the country where the service provider is established will apply.

Next steps: This is unlikely to affect the research industry but any panel research company which has a contractual relationship with their respondents should check if it could have an impact.

Links

European Commission: Privacy Enhancing Technologies (PETs): http://ec.europa.eu/information_society/activities/privtech/index_en.htm

European Commission: Safer Internet and online technologies for children: http://ec.europa.eu/information_society/activities/sip/public_consultation/index_en.htm

European Commission: Art.29 Data Protection Working Party: http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm

European Commission: Applicable law - Community law: http://ec.europa.eu/civiljustice/applicable_law/applicable_law_ec_en.htm

Disclaimer: The information provided in this message is for guidance and informational purposes only. It is not intended to be a substitute for legal advice. CMOR advises all parties to consult with private legal counsel regarding the interpretation and application of any laws to your business.

  

Copyright 2008 Council for Marketing and Opinion Research
All Rights Reserved
Privacy Policy | Legal Notice