The rationale behind the draft report is to address consumer privacy concerns with a view to driving e-commerce. Differences between national data protection laws impede the free movement of personal data across borders. The report addresses the best way round these privacy obstacles, both managerially and technically.
The main recommendations in the report are:
- To establish a common European set of Best Practices for data protection and make this available for free or at low cost to help businesses and data managers ensure that they are compliant with the Data Protection Directive and, where appropriate, the diverse European national laws and additional requirements.
- Do not initiate management standards, especially in the sense of those requiring a formal certification for which large parts of the market do not appear ready. Instead, await current developments in the Consumer Policy Committee of the International Organisation for Standardisation.
- Develop a technical report on data protection principles and privacy, explaining the technologies used in privacy protection and the fundamentals of the Directive and national legislation within Europe.
- Establish a clear set of assessment criteria based on user requirements which will assist evaluation and understanding of privacy enhancing technologies.
- Study current data protection auditing practice, discuss with national Data Protection Commissioners, auditors and legal practitioners what best practice is in the area, and prepare a report on the issue.
- Develop a set of common criteria for what Web Seals should attest to, how that attestation is made, and what audit and oversight applies.
- Develop a standard set of contract clauses reflecting the requirements of the security requirements placed on data controllers by the Data Protection Act, for example, the requirement that databases should be protected against hackers.
A committee of the IPSE will consider the draft report at an open meeting on 27th September to address whether standardisation would aid privacy. Public comment is requested by 31st August to [email protected].
If you have any questions about how this relates to your business, you can e-mail [email protected] for help.