Keynote speech. Chairs: Pere Fabra
Céline Deswarte. Policy Officer, European Commission. Directorate General for Communication, Networks, Content and Technology.
Towards a future proof legal framework for digital privacy in Europe
EU legal framework for Digital Privacy: General Data Protection Regulation 2016/679/EU + ePrivacy Directive 2002/57/EC.
When you are surfing online you produce key information on time of connection, browsing history, location, etc. which can be retrieved. Telecom providers must anonymize or delete traffic and location data of their users and subscribers. When it is stored in hour own computer (e.g. cookies) the user must have given their prior consent after having been duly informed.
But is it consent strong enough? It is difficult to understand that consent is given “freely” if data subject has no genuine or free choice or unable to withdraw consent without detriment.
Protecting your personal data, when e.g. buying online. Companies must rely on a legal basis to process personal data, and respect principles of data processing.
On the specific issue of profiling, sharing personal data with a third party implies the right to be informed about it. Profiling is lawful unless it is equivalent to a decision with legal effects that is significantly harmful to the individual (e.g. one can lose one’s own job). Besides, there has to be a respect for the individual’s rights, e.g. the right to object at any time including profiling, and then data processing must stop.
Member states shall ensure the confidentiality of one’s electronic communications and related traffic data. So, it is not only about privacy in the sense of what you do, but also in the sense of what you say and to whom.
The big problem here is to whom applies all this regulation, as actors are many and different. So far, these principles only apply to telecom providers, while new market players like Voice IP or instant messaging, etc. do not need to respect this. In other words, social networking sites provide communication services but do not fall into the category of telecommunications providers.