1. Where did it come from?
The EU Data Protection Directive, also known as Directive 95/46/EC, is a regulation adopted by the European Union to ensure the privacy and protection of all personal data collected for or about citizens of the EU. It was adopted in 1995 and relates to processing, using or exchanging such data. It’s an important component of EU privacy and human rights law.
2. The seven principles
In 1980, the Organisation for Economic Cooperation and Development (OECD) wanted to create a comprehensive data protection system throughout Europe, so it issued the “Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data”, which was based on the seven principles listed below:
- Notice – Data subjects should be given notice when their data is being collected
- Purpose – Data should only be used for the purpose stated and not for any other purposes
- Consent – Data should not be disclosed without the data subject’s consent
- Security – Collected data should be kept secure from any potential abuses
- Disclosure – Data subjects should be informed as to who is collecting their data
- Access – Data subjects should be allowed to access their data and make corrections to any inaccurate data
- Accountability – Data subjects should have a method available to them to hold data collectors accountable for not following the above principles
3. The new data protection regulation (aka GDPR)
The General Data Protection Regulation (GDPR), adopted in April 2016, will supersede the Data Protection Directive and is planned to be enforceable starting on 25 May 2018.
It was adopted by the European Parliament. The new regulation expands upon previous requirements for collecting, storing and sharing personal data, and requires the subject’s consent to be given explicitly and not checked off by default. The European Commission’s objectives with the GDPR legislation include:
- The coordination of 27 national data protection regulations into one unified regulation
- The improvement of corporate data transfer rules outside the European Union
- The improvement of user control over personal identifying data