European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 Transparency and Notification in the Age of Internet: more Effective Protection in Practice Peter Hustinx 20 May 2009

European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 Transparency Key principle of data protection Fair and lawful processing –Awareness of data subjects –Scrutiny by general public Notification to supervisory authority Ensuring effective compliance –Focus on four dimensions

European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 Controllers Responsibility is legally implied Data governance and accountability –More transparency and internal control Relevant options for improvement –Mandatory security breach notification –Scope of security measures »Against unlawful forms of processing

European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 Data subjects Information on collection –Fairness in specific circumstances –Exception if already informed Provide earlier when appropriate Layered information notices –Useful guidance of WP29

European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 Supervision Obligation to notify –Prior checking, notification, exemptions, etc. –Significant diversity at national level Search for alternatives –Simplified registration of controllers –Additional requirements for risks –Data governance and accountability –Third party verification and transparency –Strong powers and effective sanctions

European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 General public Registers of limited use Enhance public accountability –Assurance in public reports –Competition in data protection Scalable requirements for SMO Effective checks and balances

European Data Protection Supervisor EC Data Protection Conference, Brussels, 20 May 2009 More information: Postal address: Rue Wiertz 60 - MO 63 B-1047 Brussels