Tougher privacy rules on the cards

Proposals include more data protection audits and privacy seals for IT products

Companies could soon face pressure to improve their data protection practices after both the UK’s privacy watchdog and the European Commission (EC) announced proposals to better protect individuals’ privacy rights.

Speaking to a Parliamentary Home Affairs Select Committee, information commissioner Richard Thomas proposed new safeguards to help ease public concerns about the emergence of a “surveillance society”.

Thomas called for the Information Commissioner’s Office (ICO) to be awarded stronger powers to carry out Data Protection Act audits at UK firms. Currently the ICO has to gain consent before carrying out an inspection.

“People now understand that data protection is an essential barrier to excessive surveillance,” Thomas advised. “But it is wrong that my office cannot find out what is happening in practice without the consent of each organisation.”

Thomas also called for privacy impact assessments to be introduced for new IT projects that involve surveillance aspects. These would require organisations to detail the privacy impact of new technologies and how that could be minimised. The ICO also recommended it be consulted before significant new developments are given the go-ahead.

Separately, the EC has adopted a communication designed to ensure good privacy practices across Europe.

The proposals include the possibility of rolling out a Europe-wide privacy seals system, which would mark out certain products as compliant with data protection rules.

The EC also plans to promote the development and use of Privacy Enhancing Technologies (Pets) as part of the IT design process. Uptake of Pets would minimise the amount of personal data that IT systems collect, and automate their compliance with data protection rules, it explained.