European data protection legislation must respect "human dignity"
GDPR must reflect technological changes, but these cannot override rights, says EU expert
Technology cannot be allowed to take precedence over the fundamental human right to privacy, according to an EU data protection expert.
Speaking to delegates at the annual iSSE security conference today, Wojciech Wiewrowski, assistant European data protection supervisor, said the existing European data protection legislation, written in 1995, has little bearing on the world of today.
"We all know the world of 1995 looked completely different from the point of view of processing all the data, including personal data, than it looks at the moment. Yes, we had email accounts, we used the internet in 1995 ... but that was a different world," he told the audience.
"I don't mean only the fact there were no social networks in this time, I mean also there was no worldwide web at this time, we were encoding and decoding the data ... we were using Gopher [an IP application layer protocol to distribute, search, and retrieve web files]."
Wojciech Wiewrowski speaking at the iSSE security conference
However, while the world may look different, Wiewrowski said, that doesn't mean values have to change.
"We don't want the technologies to change the values that this society is built on. This society is built on the values that are in the core of human dignity and that simply means that recognising that the world is changing [so] we should adapt ourselves to the situation, but it does not mean that we should forget or we should abandon the rules that we had in the past," he said.
Wiewrowski added that this is central to the General Data Protection Regulation (GDPR) that is currently in the final "trilogue" stages of discussion, where the European Commission, European Parliament and European Commission come together to work out the final draft.
"The centre of the data protection is the data subject, which ... I would like to stress, is not only the data subject, it's a human being. It's a human being with dignity and that's what all this law is built around," he said.
Arguing that in order to enforce this, there needs to be a good balance between ethics and legislation, the supervisor contended that technology needs an emphasis on privacy by design.
"[It] is not enough to think about only the law. It is not enough to talk only about the matter of compliance. Actually, ethics is something that should be in the core of the activity of the ... information managers, information engineers," he said.
"Those who are really the data miners, who are building the logics of the data mining, the only thing that makes them behave well is the ethics and the good penal law."
The final GDPR text is expected to be published by the end of the year.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now