Database Reference
In-Depth Information
neutral, it has withstood the test of time remarkably well. Nevertheless, the Data
Protection Directive is starting to show its age. The ever-expanding scope of the
Data Protection Directive has led to a patchwork of case law and interpretations by
the Data Protection Authorities. Furthermore, there is a lack of awareness on
data protection, costs of compliance and administrative burdens are high, and
enforcement seems ineffective.
Therefore, the EU is currently in the process of rethinking the legal framework
for data protection. To further strengthen and harmonize data protection in
Europe, a proposal for a General Regulation on Data Protection was published by
the European Commission on January 25
th
2012. With regard to the topic of this
book, the most relevant development is that more strict rules on profiling and
automated decision making are introduced. Furthermore, many ideas in this topic
are also considered in the new Regulation (e.g., 'privacy by design' and the 'right
to be forgotten').
In particular the notion of privacy by design is relevant when we look towards
the future of privacy in relation to profiling. As the technology advances, the
necessity to build limitations, restraints and protective measures into the
technology itself becomes apparent. Regulation through the technology itself is
oftentimes more efficient and effective than traditional modes of regulation and
enforcement. However, we must also be cautious not to overestimate the power
and possibilities of privacy by design. Furthermore, we must not take too narrow
an approach when it comes to privacy by design. As the legitimacy of personal
data processing is always context-dependent and the right to privacy is not
absolute, simply prohibiting the use of certain types of data, or limiting the use of
personal data to or within a particular application, is most likely not a viable
option.
Furthermore, it is likely that as the technological capabilities for gathering and
processing (personal) data continue to grow, the borders of the personal sphere
will recede further. As a result of this the
communis opinio
on what is considered a
reasonable expectation of privacy may also change. To ensure the protection of
the interests of the data subjects we must look beyond the protection mechanism
itself (i.e., privacy) and more towards the underlying goals (e.g., equal treatment,
prevention of harm). From a technical perspective this may even mean that we
need to process data in a way that is currently at odds with the current system of
data protection.
Thus, in the future, privacy might be less about erecting barriers when it comes
to processing personal data, but more about defining boundaries in terms of the
ethical use of IT in general and personal data in particular. In the context of data
mining and profiling, avoiding discrimination will likely be one the most
important aspects of ethical IT design. When we look at this possible future of
privacy, we may conclude that although the new Regulation on Data Protection
would be a significant step towards strengthening data protection within the EU,
questions remain. Given the fact that the Data Protection does not significantly
change the current system of data protection, it is questionable whether it will
Search WWH ::
Custom Search