Data protection has become something of a buzzword (or two). This was brought home to me recently during a meeting with officials from the European Commission, who regarded data as ‘worth more than currency’.
Companies trade information about you all the time. When using Facebook, your personal data is transferred to private companies to target you with branding. Some may well say it is annoying but what’s the problem?
The problem is, indeed, severe. Imagine a healthcare provider having access to your online shopping list and bumping up the premium because you enjoy the occasional chocolate bar, or you’re online looking for a holiday, and because of your search history the airline companies put up their prices?
For these very reasons, Article 8 of the EU’s Charter of Fundamental Rights specifically protects the data of the individual, further ensuring purpose limitation of data, rights of access to personal data by the subject, and the importance of independent authorities in assessing compliance of national law, the first document of its kind to do so. The EU has long recognised the trend towards selling of data, and even now a data protection package is moving through the European institutions to ensure personal data isn’t used to disadvantage the consumer.
All of this makes the European Court of Justice’s recent ruling on the so-called ‘Safe Habour’ Decision so important. The Data Protection Directive sets out the requirement that transfer of personal data to a non-EU country is done only when that country provides an adequate level of protection. It can hardly have escaped anyone’s notice that the USA has been criticised for the way it handles personal data, given the revelations by Wikileaks and Edward Snowden.
In the case at hand, an Austrian citizen complained that his data was being sent by Facebook, via its servers in Ireland, to the United States, where legislation allows the storage of all personal data with no exceptions. The Court of Justice concluded that this contravened the rights to respect for private life, and the right to effective judicial protection.
The Court was also careful to stress that the EU could not limit the rights of national authorities to deem data transfer as against data protection rules, flying in the face of repeated Tory and UKIP accusations that the Court repeatedly seeks creeping EU power.
What does this mean for the citizen? Essentially, he or she has the security of knowing their data is never without the oversight of their national authorities, which can ask the courts to invalidate national law contrary to data protection.
This provides yet another example of the benefits of remaining in the EU. We should be lending our full support to the EU’s objectives in the field, and taking full part in the European Commission’s proposed regulation of online service providers. As part of a European Union, we can ensure our citizens are not taken advantage of in the online world, wherever they want to go and whatever they want to do.