The Information Commissioner's Office (ICO) asked a multidisciplinary international research team led by RAND Europe with time-lex and GNKS-Consult to review the strengths and weaknesses of the European Data Protection Directive 95/46/EC and propose avenues for improvement.
The Directive can be regarded as a unique legal instrument in how it supports the exercise of a right to privacy and rules for personal data protection. Its principles are regarded in many quarters as a gold standard or reference model for personal data protection in Europe and beyond. However, the Directive must remain valid in the face of new challenges, including globalisation, the ongoing march of technological capability and the changing ways that personal data is used. Although the flexibility of the Directive helps it to remain current, its effectiveness is undermined by the complexity of the cultural and national differences across which it must operate.
In order to understand the strengths and weaknesses of the Directive and to suggest ways in which European data protection arrangements may remain fit for purpose, the study team reviewed the relevant literature, conducted 50 interviews with privacy practitioners and regulators, experts and academics, and ran a scenario-based workshop to explore and evaluate potential avenues for improvement.
The ideas presented here provide some food for thought on how to improve the data protection regime for citizens living in European countries and are intended to spark debate and interaction between policy-makers, industry and experts. Such a review cannot claim to be the last word.
Table of Contents
The European Data Protection Directive
The evolving context
How does the Directive stand up to current challenges?
List of Interviewees
Workshop Terms of Reference & Scenario Framework
Policy conclusions from the workshop
List of workshop attendees