City experts to discuss data privacy
The latest European Union (EU) General Data Protection Regulation (GDPR) and the recent European Court of Human Rights (ECHR) judgement are among several issues which will be discussed by City University London researchers on Data Privacy Day, 28th January 2016. The event will take place in Room AG07a from Noon to 1pm.
The wording of the General Data Protection Regulation (GDPR) was
agreed in December 2015.
The new Regulation began life as a draft document in 2012 and after being debated in the European Parliament and a trilogue between the three EU institutions (the European Council, the European Commission and the European Parliament) the final wording has been agreed. The GDPR will take effect from 2018 and strengthens the protection offered to individuals within the EU.
Among its new provisions are:
1. Better control of personal data by individuals.
2. Better access by individuals to their own data.
3. Data portability.
4. The right to be forgotten.
5. The right to know about serious data breaches.
Following active lobbying the new Regulation also aims to be more business-friendly by cutting out the red tape. SMEs that handle personal data (such as employee records) will no longer be required to register with the data protection authorities, so long as processing personal data is not their main business. Unlike the current Data Protection Directive, the new Regulation will automatically apply across all EU states – it does not have to be passed into national law, such as the UK’s Data Protection Act 1998. Businesses working across Europe will only have to deal with one authority, rather than the regulatory body in each state that it operates in.
A recent judgement by the European Court of Human Rights (ECHR) has highlighted some of these issues by ruling that employers are entitled to monitor employee communications when they are using the Internet during work hours. A Romanian worker sacked in 2007 for use of personal e-mail during work hours had appealed against a ruling by the Romanian courts that upheld his dismissal.
However the ECHR upheld a ruling by the Romanian Court, stating that it was not 'unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours'. This raises important issues for employees throughout the EU.
Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the 28th January 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on 28th January.