by willemien bax data protection and consumer organisations
TRANSCRIPT
By Willemien Bax
Data protection and consumer Data protection and consumer organisationsorganisations
Since
1962 Representing consumer interests
EU institutions
43 members 31 countries
34 Members of staff
Forbrugerradet (Denmark)
Organización de Consumidores y Usuarios – OCU (Spain)
Stiftung Warentest (Germany)
Sveriges Konsumentråd – SK (Sweden)
VZBV (Germany)
Which? (UK)
Altroconsumo (Italy)
Consumentenbond (NL)
DECO (Portugal)
Test Achats (Belgium)
UFC - Que Choisir (France)
Bulgarian National Consumers Association – BNAP
Cyprus Consumers' Association
Consumers' Organisation of Macedonia – OPM
Estonian Consumers Union - ETL
Latvia Consumer Association - PIAA
Ghaqda tal-Konsumaturi - CA Malta
National Association for Consumer Protection in Hungary – NACPH
Croatian Union of the Consumer Protection Associations – Potrosac
National Association for Consumer Protection in Hungary – NACPH
Polish Consumer Federation
Assocation of Polish Consumers - SKP
Association for Consumers' Protection – APC (Romania)
Sdruzeni obrany spotrebitelu Ceske
republiky-SOS (Czech Republic)
TEST (Czech Republic)
ZSS - Association of Slovak
Consumers
Zveza Potrošnikov Slovenije – ZPS
(Slovenia)
Smile, you’re being watched
The glass consumer
68% are concerned about data protection
64% feel that awareness and information on these topics are not yet satisfactory
49.3 % concerned about the amount of data required by sellers
66.7 % concerned about the commercial use of personal data
82% of EU Internet users believe that data transmission is not sufficiently secure
What do consumers want?
EU Consumer summit, 1-2 April 2009 – Results of survey of consumers by the European Commission on the digital environment & Eurobarometer survey on data protection in the EU - citizens’perceptions, February 2008
What do consumers want?
10%
84%
6%
true
not true
I don't know
I have no problem providing personal data
What do consumers want?
80%
6%
14%
true
not true
I don't know
Companies buy my data without asking
What do consumers want?
9%
69%
22%
true
not true
I don't know
My private data are only used for the purpose I gave them
What do consumers want?
5%
81%
14%
true
not true
I don't know
Companies and authorities are not keeping my private data without me knowing
What do consumers want?
21%
55%
24%
true
not true
I don't know
I know where to go if I have a complaint on the use of my private data
What about the « Digital Natives » ?
82% of young people is very concerned that personal information is used without their knowledge
75% that their identity is reconstructed using personal data from various sources
69% that their views and behaviours may be
misrepresented based on their online personal information
Scientific report 'Young People and Emerging Digital Services', 2009
Problems BEUC members report
• insufficient information provided on what data collected & how used
• more data collected than strictly necessary
• privacy notices too complicated and legalistic
• little influence on whether or not personal data are « sold » to third parties
• no or insufficient reporting of security breaches or misuse
• difficult access to redress, for the moment mostly through the courts
• practically no practical help & difficult to ensure that damage is repaired/repayed
Key data protection principles
• to be informed when, why, and for which recipients personal data is collected and processed
• to collect data adequate, relevant and not excessive in relation to the purpose (“fit for purpose”)
• to have access to the collected data
• to have data kept accurate, up-to-date, rectified, erased or blocked for further processing
• to be informed before data are disclosed to third parties and to object to such transfers
Key data protection principles
• to have the data managed in a confidential, secure and transparent manner
• to be protected against accidental/ unlawful destruction, loss, alteration, unauthorised disclosure or access
• to have the minimum amount of data kept for a minimum time period
• to receive a judicial remedy & compensation for damage
Better enforcement
only 13 % of the people responsible for data protection within companies said they were very familiar with the provisions of the
data protection law
56% of the people responsible for data protection issues within companies said they were only somewhat familiar
Eurobarometer, February 2008
Some suggestions
1. better enforcement of the current directive
2. better common understanding of principles
3. drastically improved privacy notices/ integrating the unfair contract terms directive
4. standard notices to be developed with the help of consumer organisantions?
5. more use of secure-by-default and « privacy-by-design » products & processes
6. ensure data ananomity as much as possible
7. extension of mandatory data breach notification to all sectors dealing with personal data
Some suggestions
8. central contact points where consumers can get help
9. compensation for unauthorised data exchange, data loss & security breaches that lead to damage
10. easier access to redress; alternatives to going to court
11. collective actions to provide an effective deterrent against negligence and/or unlawful data exchange
12. more education and information on consumer rights and risks
Thank You
The European Consumers Organisation Bureau Européen des Unions de Consommateurs
Rue d’Arlon 80-1040
Bruxelles
Tel: 0032 2 743 15 90 - Fax: 0032 2 740 28 02 Email: [email protected] www.beuc.eu