Personal data protection is an extremely sensitive and controversial topic as businesses, governments and consumers sometimes have quite opposite opinions on the accessibility and the right to share the data. There is a very fine line between the measures to ensure security and commonwealth of the population and the moment when personal space and privacy has been breached by businesses and authorities.
Unfortunately, imaginative criminals don’t bother much on the subject as we have witnessed last year from recurring massive data breaches across industries in the US. While data protection is still a hurdle on the west, Europe seems to be impressively forward-thinking and consumer-focused with its reforms aimed to empower the data owner.
Less than a week ago, the Council of the European Union published a copy of a data protection reform taking place in the region. One of the most interesting parts of the reform is related to the fundamental rights that data owners will have over their data. This forward-thinking move by the European Council offers an enhanced level of personal data protection that each person is entitled to have and hopefully, it will serve as an example of the efforts necessary to put into privacy and personal security matters around the world.
Proposed strengthened data protection rights provide data owners with more control over their personal data through certain requirements that third-parties have to comply with in order to access that data.
First and one of the most important principles is the consent of data owner for his or her personal information to be processed and transmitted by a particular service provider or any organization and party at all. The rule seems to be quite obvious and followed generally, but reminds of a pile of emails and advertising from companies that we have never faced, which received our credentials and personal information from companies we exclusively entitled to do so.
Easier access for the owner to personal data is another fundamental right often ignored by the corporate world, trying to make it as difficult and possible for individuals to obtain and restrict access to personal data once it has been provided.
A well-known and controversial right to erase personal data— the so-called right "to be forgotten"—empowers data owners to require undelayed removal of personal data collected or published on a social network when the individual was a child.
Children's personal data is a special subject of strict control. The European Council offers an online service to take an attempt to verify a parental consent for children younger than 16 years of age. The age may be lowered to 13 at the maximum.
Another important enhancement is the right of data owner to portability, which will facilitate the transmission of personal data from one service provider to another. The requirement strengthens the data protection right against companies that the individual does not want to be tied to and creates a positive competition between companies to deserve the right to exclusively access personal data.
One of the most important points of the reform is the right to object to the processing of personal data on the basis of the public interest or to legitimate interests of a controller. Every individual has a right to refuse to be profiled for any reason related to the commonwealth of the public.
Development and implementation of safeguards to ensure the security of personal data used for archiving purposes and for scientific and historical research or statistical purposes.