Council of Ministers on DP Revision

The European Council of Ministers has published a contribution to the revision of the Data Protection Directive. Sadly this doesn't make any mention of the problems with indirectly linked identifiers, but it does recognise that a law that creates large hurdles for European businesses wishing to use cloud and other services hosted outside the continent is no longer workable (the text actually says "not fully successful", but you get the idea). Unlike the Commission, who often seem relaxed about the idea of isolating the continent, the Council "recognises the economic importance of technological developments and the need for legislation to reflect the economic importance to the European Union of international data transfers".

On Data Breach Notification, the Council "encourages the Commission to explore the opportunity as well as the costs to business and EU competitiveness in extending data breach notification obligations to sectors other than the telecommunications sector", though advising that notification should only be required where a breach "can impact negatively on the individual's privacy".

Finally there is an interesting shift of emphasis in that although the main responsibility for protecting personal data remains with the organisation who benefits from its use "there is also a major need to increase the data subject's awareness of the implications of sharing his personal data" (their underlining!). It seems that Ministers are also getting frustrated by the way citizens keep throwing their personal information around, despite the law's best efforts to protect them ;-)