01 December 2010

Why the EU needs new personal data protection rules

Speech by Viviane Reding Vice-President of the European Commission, responsible for Justice, Fundamental Rights and Citizenship Privacy matters, The European Data Protection and Privacy Conference Brussels, 30 November 2010. I want to introduce the "right to be forgotten". Social network sites are a great way to stay in touch with friends and share information. But if people no longer want to use a service, they should have no problem wiping out their profiles. The right to be forgotten is particularly relevant to personal data that is no longer needed for the purposes for which it was collected. This right should also apply when a storage period, which the user agreed to, has expired. Existing legislation has led to divergences between the national laws. Even when there is only one European issue, there is not always one European response. Take the example of Google StreetView and the collection of snippets of personal information from unsecured WiFi networks. This did not only prompt different responses by national data protection authorities but it also led the company to provide different remedies for individuals in different Member States. This situation runs counter to both of the two main objectives of the existing Data Protection Directive: ensuring the protection of a fundamental right and ensuring the free flow of personal data within the Single Market.