European data protection legislation must respect "human dignity"
GDPR must reflect technological changes, but these cannot override rights, says EU expert
Technology cannot be allowed to take precedence over the fundamental human right to privacy, according to an EU data protection expert.
Speaking to delegates at the annual iSSE security conference today, Wojciech Wiewrowski, assistant European data protection supervisor, said the existing European data protection legislation, written in 1995, has little bearing on the world of today.
"We all know the world of 1995 looked completely different from the point of view of processing all the data, including personal data, than it looks at the moment. Yes, we had email accounts, we used the internet in 1995 ... but that was a different world," he told the audience.
"I don't mean only the fact there were no social networks in this time, I mean also there was no worldwide web at this time, we were encoding and decoding the data ... we were using Gopher [an IP application layer protocol to distribute, search, and retrieve web files]."
Wojciech Wiewrowski speaking at the iSSE security conference
However, while the world may look different, Wiewrowski said, that doesn't mean values have to change.
"We don't want the technologies to change the values that this society is built on. This society is built on the values that are in the core of human dignity and that simply means that recognising that the world is changing [so] we should adapt ourselves to the situation, but it does not mean that we should forget or we should abandon the rules that we had in the past," he said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Wiewrowski added that this is central to the General Data Protection Regulation (GDPR) that is currently in the final "trilogue" stages of discussion, where the European Commission, European Parliament and European Commission come together to work out the final draft.
"The centre of the data protection is the data subject, which ... I would like to stress, is not only the data subject, it's a human being. It's a human being with dignity and that's what all this law is built around," he said.
Arguing that in order to enforce this, there needs to be a good balance between ethics and legislation, the supervisor contended that technology needs an emphasis on privacy by design.
"[It] is not enough to think about only the law. It is not enough to talk only about the matter of compliance. Actually, ethics is something that should be in the core of the activity of the ... information managers, information engineers," he said.
"Those who are really the data miners, who are building the logics of the data mining, the only thing that makes them behave well is the ethics and the good penal law."
The final GDPR text is expected to be published by the end of the year.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.