I have had a look at the changes in Law, and thus the potential changes in data protection strategy since I first wrote about the conflicts between privacy, compliance and law enforcement.
The US courts have been siding with citizens and their privacy rights, the ECJ has been doing the same. Parliament has been going in the opposite direction, although the Supreme Court has declared the Data Retention laws to be contrary to Human Rights Law and should we actually leave the EU we will find obtaining an “Adequacy” agreement harder than we’d hope as the EU Parliament, Commission and the EU Data Protection Supervisory board focus on the rights of privacy from Governments. This will be a significant problem if the ECJ strikes down the model clauses and binding corporate rules.
I briefly touch on the fact that the European Laws are meant to be implementing the globally agreed seven principles of Data Protection, of Notice, Purpose, Consent, Security, Disclosure, Access and Accountability and that in a rights based jurisdiction, these rights must be protected from the Government as well as from Corporates.
The language has developed since 1980 but these principles were agree by the OECD in 1980.
I conclude the article by saying,
Today, under EU law, the lawful purpose would seem to be more flexible, cross border transfers are more restricted, and may become more so, and the EU is more concerned about nation state compliance; it’s what you’d expect from a political entity consisting of states and the children of people surviving fascist or Stalinist rule.
This political heritage should be remembered by those that see these laws merely as a business burden,
Pingback:Eternal vigilance – davelevy.info