"EU rules are there
to protect everyone's personal data. The European Commission has proved
its commitment to making these rules fully respected by all 27 EU
countries. Innovation is important in today's society but should not go
at the expense of people's fundamental right to privacy. Now we have to
make sure that the general data protection rules are up-to-date with
technology and as comprehensive the Lisbon Treaty requires," said Viviane Reding, the EU's Information Society and Media Commissioner. "EU
rules should allow everyone to realise their right to know when their
personal data can be lawfully processed, in any area of life, whether
boarding a plane, opening a bank account or surfing the internet, and
to say no to it whenever they want."
e-Health Nutrio-genetics
Remember, the privacy case about genetics and bio-technology.
Actually, some services in the cloud computing about sensible personal data, nutrio-genetics (for exemple, the restaurants that have acces about personal information about the nutrio-genetics).
In my opinion, is more important the control about Robinson's list with these sensible data. The competence about this sensible data control compliance, health data, is for the Health Authority Agencies.
The personal medical information is under control for the Health Authority Control. But, who controls the Health Authority Agencies? Who is the supervisor for the Health Authority Agencies on national and at EU levels to ensure that there is compliance with data protection requirements.?
privary issue
thank you for your comment.
eHealth is an great example of the need not only for regulaton but also of a comprehensive system of control
eHealth privacy issues...
One of the most common is the mixture between MEDICAL an COST MANGEMENT.
Doctors in Italy are asked to provide patient record to country healtcare managers to improve cost management and to check their practice.
This is unaceptable IMO and the autority in Italy clearly confirm it in two guidelines (in italian)
http://www.garanteprivacy.it/garante/doc.jsp?ID=1679033
(on line medical results)
http://www.garanteprivacy.it/garante/doc.jsp?ID=1634116
(EPR, Fascicolo Sanitario Elettronico)
Regulation & practice
Well, privacy always looks nice when a politician talks about it. But in face of a regulation that leaves it to the data subjects to go to court with their own money, I personally wished that data protection in Europe was organized with more executive power, really policing what happens in the economy, too. Adminstration and health are government domains, while most of today's data is handled by industry.
Oddly enough, the European Commission was happily upfront in the recent years, giving non-European countries free access to passenger records, financial transaction data, communication traces etc. I am very glad that the SWIFT deal was stopped. Where is the point in regulation data protection when the adminstrators give away data pools for free?
Structurally, I think that personal information use should be policed. Whenever you try to get access into information, 9 of 10 companies don't even reply. I suggest there should be a web portal through which such requests are bundled, and replies are forwarded back. That way, there is a track record of who is following legal duties - and who not. In addition, we need an increased liability for data controllers - otherwise they might never feel an incentive to actually invest in security and privacy technologies and training.
Mrs. Redding is right - however it doesn't seem that the Comission is following her closely.
Privacy and Policies
I totally agree. There is a clear gap. The involvement of international organizations and international independent authorities could be a solution