Voss Report is out: breach notification will, le Doit a l’Oubli might…
The European Parliament has approved the report by German Christian Democrat Axel Voss supporting the EC’s reform of the 1995 Data Protection Directive.
“Putting people back in control of their personal data is a priority for me,” commented Viviane Reding, the EU’s Justice Commissioner in a brief statement. I wish that were true. Ask any innocent person whose DNA is recorded in the UK’s National DNA database just how much control over that personal data they actually have.
So when we talk about the EC’s concern over personal data, it must have the rider ‘excluding any and all data that your government and police and health authorities and local bureaucracies and education authorities might have or gather with or without your knowledge‘.
That aside, Ms Reding’s brief statement shows one thing. The Voss report apparently states that people must be able to have their data easily deleted, corrected or blocked and be informed about any misuse or lapses in data protection. That’s two things in particular: le Doit a l’Oubli (or right to have your data removed, such as from Facebook or Google); and a requirement for breach notification.
Ms Reding concludes
I intend to introduce a mandatory requirement to notify data security breaches for all sectors.
But nowhere is she so explicit about le Doit a l’Oubli. And let’s face it – taking on the might of the social networks and the search engines and the behavioural analysts is a different kettle of fish. Le Doit a l’Oubli is an aspiration, not an inevitability.