Britons to gain 'right to be forgotten'

Britons to gain 'right to be forgotten'

Summary: People's data must be completely deleted from websites when they chose to stop using them, while the rules governing law enforcement's use of data need to be updated, according to the European Commission

TOPICS: Security

The European Commission has given details of a far-reaching strategy to strengthen data protection laws.

Citizens should have the 'right to be forgotten', the Commission said in a statement on Thursday. Justice spokesman Matthew Newman told ZDNet UK on Friday that data entered on social-networking sites is currently too difficult to delete.

"At the moment the process [of data deletion] is rather cumbersome, and it's not clear that it has all been deleted," said Newman. "If you decide you don't want to have data on a site, you should be able to withdraw consent and have the data deleted." According to the Commission's statement, people should be able to give informed consent about how their data is collected and processed, for example when surfing online.

"Existing rules that require consent are not always being followed," said Newman. Although the Commission refused to name any companies, Facebook, the most widely used social network, does not allow a user to delete all their profile details from the company's servers, even if they deactivate their profile.

Read this

Commission refers UK to court over privacy laws

The European Commission has asked the ECJ to rule on whether the UK's privacy laws are adequate, in a case that began with complaints about BT's trials of Phorm advertising technology

Read more+

Police and criminal justice system data protection rules will also be overhauled, said the Commission. While law enforcement must be able to carry out investigations, data access must be proportionate, and citizens should have the right to give consent as to how their data is used, said Newman.

"It's important that people's rights are respected in police and judicial co-operation," said Newman. "If there is an ongoing police investigation, we can't compromise that, but you will have rights to know what information is being collected about you and give consent."

The proposals, which are the product of a policy review, are ultimately designed to be included in an overhaul of the Data Protection Directive, following consultation. The revamped directive framework is due to be discussed by the European Parliament in 2011.

The principle of consent is likely be written into the legislation, said Newman, and will cover the use of deep-packet inspection, a monitoring technique that examines every packet of data.

"The general principle of consent will [almost] certainly be part of the legislation," said Newman. "The directive is technologically neutral, but if there are instances of deep-packet inspection, organisations [performing the inspection] will need to have consent." 

The proposals for updating the Data Protection Directive, which is 15 years old, will include data protection for information passed outside of Europe, according to the Commission's statement.

The Commission is also in the process of reviewing the Data Retention Directive, which specifies that ISPs should store communications traffic data for between six months and two years.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Every user deserves a right to be allowed to stop using facebook whenever they feel like. the user should be given a change to delete all his/her information and quit facebook for good. facebook doesnt offer this today and continues to sell our information to third parties. we should be able to use social networking without having to think about our privacy. sites such as mycube and diaspora are offering complete user privacy and i will switch to them as soon as the open to avoid such issues in the future.