Commission seeks views on data protection

Subject: Commission seeks views on data protection
From: Morlon Carmen (
Date: ke 24 heinš† 2002 - 15:21:20 EEST

To ECUP list, as sent to the EBLIDA list.

Apologies for cross-postings.

Press release on Data Protection: Commission seeks views on privacy
legislation, Brussels, 25 June 2002
RAPID Database,, see IP/02/923.

Should bosses be able to read the e-mails employees send and receive at
Are customers who want to buy on-line confident that the personal data
they give will not be used in ways they have not agreed to?
Are businesses over-burdened by enquiries from people wanting access to
the personal details companies hold about them?

In an on-line consultation, the European Commission is seeking views on
these and other aspects of the protection of personal data. The survey
is part of the Interactive Policy Making initiative
(, see IP/01/59). The results will feed into
the Commission's report, due at the end of this year, on how the 1995
Data Protection Directive is being applied. To collect a wide range of
views and to make it as easy as possible for everybody to contribute,
the Commission has put two questionnaires on its website - one for
individuals and one for businesses that process people's data. Both can
be found at Responses can be sent to the
Commission from that site.

The deadline for responding to the on-line questionnaires is 15
September 2002. Organisations wanting to send more detailed comments are
asked to do so by 31 August because their replies will take longer to
process. The results will be discussed with data protection experts at a
Conference organised by the Commission on 30 September and 1 October in
Brussels. The Commission's report on implementation of the Data
Protection Directive in the Member States will be published late this
year or early next. To find out more about Data Protection in the
European Union, visit:

Internal Market Commissioner Frits Bolkestein said: "The Commission's
job is to ensure a secure legal framework that allows the free movement
of information in the Internal Market, while at the same time
guaranteeing the fundamental right of individuals to have their privacy
respected. There is of course no privacy without the protection of
personal data. We have to keep the Data Protection Directive under
review to ensure that it is working in the interests our citizens,
businesses, public authorities and other interested parties."
There are many situations in which organisations need to process and
retain personal data, in the interests of the people whose data is
involved. For example, employers need bank and other details in order to
pay employees. Doctors need to keep patients' medical records. Companies
need customers' details in order to be able to send them goods they have
purchased via mail order or on-line. Banks, mortgage lenders and
insurance companies also need to keep customers' data to assess risks.

The aim of the Data Protection Directive is to set out a clear framework
which takes these necessities into account while offering citizens the
strongest possible protection of their privacy.
The Commission wants to know how well those affected think the Data
Protection Directive is working and what changes they think may be
needed. Hence the consultation just launched, which seeks the views of
governments, public authorities, businesses of all sizes, and individual
citizens. Everybody is welcome to participate.
The Data Protection Directive (, see
IP/95/822) entered into force on 24 October 1998 and has been
implemented into national law by all Member States of the European Union
except Ireland and Luxembourg. The Commission expects those two
countries to finalise their implementation before the end of this year.
For further details, see:
The main principles behind the Data Protection Directive are:
- personal data must always be processed fairly and lawfully
- personal data must be collected for explicit and legitimate
purposes and used accordingly
- personal data must be relevant and not excessive in relation to
the purpose for which they are processed
- data that identify individuals must not be kept longer than
- data must be accurate and, where necessary, kept up to date
- data controllers are required to provide reasonable measures for
data subjects to rectify, erase or block incorrect data about them
- appropriate technical and organisational measures should be
taken against unauthorised or unlawful processing of personal data
- personal data must not be transferred to a country or territory
outside the European Economic Area unless that country ensures an
"adequate level of protection" for data subjects.
The Directive also requires each Member State to provide one or more
independent supervisory authorities to monitor the application of the
Directive. One responsibility of these authorities is to maintain an
updated public register so that the general public has access to the
names of all data controllers and the type of processing they do.
Specific issues related to electronic media - such as the use of e-mail
address lists to send "spam" e-mail - are covered in a 1997 Directive
dealing specifically with the telecommunications sector. A new Directive
to update this is currently being finalised in the European Parliament
and the Council (, see IP/02/783).

Carmen Morlon
EU Information Officer
PO BOX 43300
NL-2504 AH The Hague
The Netherlands
Tel.: +31 70 309 06 08
Fax: +31 70 309 07 08
Lobbying for Libraries

This archive was generated by hypermail 2a24 : pe 14 elo††† 2020 - 01:20:17 EEST