European CNIL agreement: the protection of personal data becomes “a fundamental right”

by bold-lichterman

“The protection of personal data is a fundamental right” : This is how the “Joint declaration of the European data protection authorities»Officialized Monday, December 8 by the European CNIL. The text, adopted since November 25, 2014, is a form of response to citizens’ mistrust of the capture and use of their personal data. A social subject that has experienced a strong resurgence of interest since the revelations of Edward Snowden.

“Personal data is the elementary particle of [du] digital world ”underline the European authorities. “The functioning of the digital environment is based on complex information infrastructures that private actors have developed for their own needs. These collect gigantic amounts of personal data that some of them often store, process and share without leaving the individual a sufficient level of control and without being subject to effective supervision. In addition, as Edward Snowden’s revelations recently unveiled, public authorities and intelligence services demanded massive access to these data infrastructures for other purposes, including national security.

This is how the CNIL justifies this Joint Declaration: “The massive and routine nature of this access shocked the whole world. From now on, the challenge is to address the crisis of confidence that these revelations have generated towards governments (national and foreign) and intelligence and surveillance services. It is also raddress the underlying issue of controlling access to these gigantic amounts of personal data. How to build a framework that allows both private companies and organizations to innovate, to offer products and services that meet consumer demands and public needs, for surveillance and intelligence services to fulfill their missions in the within the framework of the law, and not for all that to sink into a surveillance society ”.

Here is the 15 key points of the Declaration:

[Valeurs européennes]

  • The protection of personal data is a fundamental right
  • The rights of individuals with regard to the protection of their data must be combined with other fundamental rights
  • Technology is a means that must remain at the service of man.
  • Public confidence in the products and services of the digital economy largely depends on industry compliance with data protection rules.
  • Awareness and human rights need to be strengthened.

[Surveillance à des fins de sécurité]

  • Secret, massive and indiscriminate surveillance people in Europe, (…) does not comply with European Treaties and legislation.
  • Access to personal data for security purposes is not acceptable in a democratic society since it is massive and unconditional.
  • The processing of personal data in the context of surveillance activities can only take place within the framework of appropriate guarantees defined by law.
  • The public authority of a State which is not a member of the Union cannot in principledirectly access personal data covered by European rules
  • None of the provisions in the European instruments aimed at regulating international data transfers between private parties cannot serve as a legal basis for transfers of data to the authorities of third countries for the purposes of massive and indiscriminate surveillance
  • The data storage in the territory of the Union is an effective means of facilitating the exercise of [leur] control.
  • The data protection rules of the Union (…) must be considered as binding international principles in public and private international law.

[Influence européenne]

  • The European draft regulations and directives relating to data protection are due to be adopted in 2015.
  • The European level of data protection cannot be eroded, in whole or in part, by bilateral or international agreements, including trade agreements on goods and services to be concluded with third countries.
  • The balance to be struck between data protection, innovation and surveillance does not imply neither to rebuild the internal borders of the Union nor to close the doors of Europe

This Declaration should apply to States as well as to companies. But has so far no direct application at the level of law.

Read also:

>> [Test] How much is your personal data worth?

>> Personal data: MPs remain in the dark

Photo credit: Fotolia, royalty-free stock images, vectors and videos