Data Protectione in Europe travels on two main channels: the juridical-legislative one and more operational one, which normally takes effects in Internal Affairs.
In facts, Brussels has been looking for a long time to regulate the delicate topic, which clearly founds large difficulties, due to the large differences between the legal systems of the Members States. As we already mentioned on europeanaffairs.media, Europe legislates under a procedure known as co-decision, jointly divided, although with different tasks, between the EU Council and the European Parliament.
Two legisltative instruments are being studied in the Council: a Directive and a Regulation. As known, one commits Member States to a result and, at most, within specified timelines, leaving some margin of discretion to the countries concerned on how to achieve the goal. The other tool, however, binds in detail all EU states.
At the table of the Council Group dealing with the matter, called DAPIX (Data Protection Information Exchange) and its subgroups, sit – for almost all member states – representatives of the judiciary and the Privacy Authorities, that interface from time by time on the various chapters and articles of the texts in question, and that relate to their Countries on ongoing proceedings. In certain subgroups, also representatives frome the Police Forces of the Member States, who are directly involved in the use of databases for purposes of investigation and prosecution, have the task to intervene and to converse on the effectively outcomes produced by specific legislation of the sector, such as the c. d. Prüm Decisions.
Recent rumors portend that the approval of the the two pieces of legislation – the one with general characteristics and the other laying down more stringent ones – it’s pretty close and that the current Presidency, currently assigned to the Grand Duchy of Luxembourg, wants to remove all possible obstacles. On the sidelines of the legislative process in place, we must mention the presence of a major European institution: the EDPS, the European Data Protection Supervisor.
Since the European institutions deal with collection, recording, store or use of the information related to the data of EU citizens, one of the main tasks of the European Institution is, of course, to act as a checker on compliance with current privacy laws. But this form of control is also reflected in the handling of complaints from citizens who call upon its intervention and the management of related disputes, or in the surveillance of new technologies that in any way may affect data protection. Last but not least, an advisory function to the institutions and bodies on all aspects related to the processing of personal data and related policies and legislation is ensured. The Role of European Supervisor is currently governed by the Italian magistrate Giovanni Buttarelli.
The adoption of common rules on protection of personal data, which deserves a lot of volumes of discussion, is a complex and sensitive area that will produce inevitable effects even in enterprise security and the economic system of the Member States. Consider, for example, the establishment of the post of Privacy Officer, who will become a key figure in the decision making of enterprises and that will assist the Security Manager in the management of the security of logic and digital information.