The European Commission is setting out what it wants to see in the next generation of data protection principles for citizens across the community. The Commission, which is already taking the British government to court for its failure to properly protect our privacy, has outlined what it sees as the main issues which need …
Like all hot air...
'Stronger rights for individuals. People should be clearly told what information is stored on them and why, and by whom.'
Useful stuff. If you are going to attack the data, put the effort into attacking where there is the most benefit, so knowing what data is held is a useful start.
'They should also have the "right to be forgotten" - to get their data deleted.'
And the right to validate that it was deleted, including the backups. This is an issue with cloud services today, they only solution is strong contractural clauses that allow you to recover all costs from the service provider in the event of a retrospective breach. What are the odds of that being available to individuals?
Whilst it is a step in the right direction, I am approaching the age where I will be chasing retirement, always a few years short of the revised retirement age, even so I doubt the EU will get this implemented in my working lifetime.
Deleting data is forbiden for some purposes.
Placing data beyond unauthorised access is the best that you can hope for. This would require both you and the accessor to supply a unique key and allows you to withdraw your consent. This however is a password and you might find yourself on the wrong side of the law in any event if you fail to comply.
However, all this is irrelevant. If you have nothing to hide you have nothing to fear.
We will monetise your data whether you like it or not....
What's the betting
the UK ignores this too ?
"Making sure the relevant laws are actually enforced"
That's the tricky bit.
Current penalties seem too often to just involve some government department paying a notional fine in magic money to another government department.
The government or organisations that fail to protect privacy, should have to pay compensation to the people affected.
The idea of actually having to track down and pay real money to actual people might well focus their minds.
(Also sent to EU - but somewhat rephrased)
The individual minister(s) that fail to protect privacy, should have to pay compensation to the people affected.
there, fixed it.
Right to be forgotten?
"They should also have the "right to be forgotten" - to get their data deleted."
How the hell do they expect that to happen? It's far from practical, nigh impossible. We have regular database backups, which in turn get backed up to tapes; monthly tapes are 'permanent' and stored offsite. Surely they don't expect data from each tape to be restored, data of a specific person to be deleted, the modified data backed-up, the original destoryed. What ever happened to an audit trail?
"the right to be forgotten" and "to get their data deleted" are two different things
"the right to be forgotten" and "to get their data deleted" are two different things - the first is achievable by having a one way encyption of the data when it is stored and then throwing away the key when the user wants to be forgotten. Ensuring all the data is deleted is near impossible but putting it beyond reach is probably sufficient.
Still not a trivial task but an important one.
Considering the UK Gvt blithely ignores EU rulings on privacy...
I can't imagine this will make any difference at all.
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Boffins say they've got Lithium batteries the wrong way around
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND