Online privacy rights strengthened by EU data protection reform
The EU has proposed important reforms to data protection laws. The reforms have two aims: increased online privacy rights and boosting the digital economy by removing or easing some unnecessary administrative burdens.
The most eye-catching change in privacy rights is the proposed creation of a ‘right to be forgotten’. To help people manage data protection risks online, they will be able to delete their data if there are no legitimate grounds for retaining it. People will also have easier access to their own data and will also have a right to data portability - intended to make it easier to transfer personal data from one service provider to another.
The proposals emanate from the European Commission. The Commission's press release explains that the proposals will now be passed to the European Parliament and EU Member States (meeting in the Council of Ministers) for discussion. The proposals will take effect two years after they have been adopted.
The Information Commissioner has welcomed the proposal, including in particular the Commission's recognition that for the right to object to be meaningful, there needs to be a shift in the requirement from "one where the individual has to demonstrate compelling legitimate grounds for deletion to one where the controller has to demonstrate compelling legitimate grounds for retention".