Personal data protection is changing.
After the modifications introduced by the Monti government in Italy, the recent proposal for a regulation relating to the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (2012/0011 – 25 .1.2012) is about to greatly change the picture.
The most important characteristic of the draft regulation is the change in the regulatory instrument which is not a directive, but a regulation.
This is to ensure the uniformity of the new regulation: a single EU “law” instead of 27 “laws”.
In fact, complexity and juridical uncertainty create a cost which Europe must eliminate in order to present itself as a single market.
Thus a European model would counterbalance the US model.
What are the main changes?
Speaking of general principles, the main changes concern the emphasis on the social function of the right to personal data protection, the increasing role of the principle of reasonableness and the importance given to the timescale.
The most relevant changes in greater detail are:
– The right to be forgotten
– The right to data portability
-The principle of accountability
-Privacy by design
-The increased emphasis on security expressed in:
Security breach notification
Data protection impact assessment
– More detailed regulation of transfers of personal data to third countries.