The protection of one’s personal information continues to garner attention as online services become increasing popular, whether it be social networking, communications via smartphone, or other aspects of cloud computing.
Europe’s data protection rules date back to 1995, well before today’s online models became mainstream tools for communicating with one another. This has, in part, led Commissioner Reding to use multiple avenues to get comments and ideas on the way forward for Europe on data protection. The latest of these was asking for comments on the Commission’s communication for “A comprehensive approach on personal data protection in the European Union.”
Some of the key topics discussed in the communication include:
- The scope of the EU data protection regime, including what should be considered personal or sensitive data
- Exercising control over a person’s data, whether it be the ability to retrieve your data, export your data (“Data Portability”), or remove it altogether (dubbed the “Right to be Forgotten”)
- Transparency about how data collected will be used, including notification for a data breach
- Taking data protection principles into account with the design and implementation of new technologies, termed “Privacy by Design”
- International data transfers, both within the European Union and between EU and non-EU countries
- Harmonization of laws in the EU to make it easier for companies large and small to provide online services (while still maintaining adequate protections for consumers)
Microsoft submitted comments on these and others aspects of the Communications in our response filed January 15. We believe technological innovations such as cloud computing can flourish while continuing to maintain adequate consumer protections. But a thoughtful approach is critical. It’s important to get this right for Europe to reach the potential envisaged by the Digital Agenda for a digital single market. We support the work of the Commission in this regard and encourage other interested parties to continue to be part of the debate. For example, we endorse the view that technology providers should incorporate data protection principles into their products – something Microsoft has been doing since 2002. For more on that, please have a look at my December post on The Privacy Design Imperative. We’ll plan further postings on other key topics in the coming months.