Legal base	—
Document originated	2 May 2007
Deposited in Parliament	9 May 2007
Department	Ministry of Justice
Basis of consideration	EM of 8 June 2007
Previous Committee Report	None
To be discussed in Council	No date set
Committee's assessment	Legally and politically important
Committee's decision	Cleared

Background

17.1 Information and communication technology is in a state of constant development, providing new ways of supplying services to business and the general public. Use of such services may involve the exchange of personal data whenever individuals purchase goods or services, establish or maintain contact with others or communicate ideas on the world wide web. With the benefits come the risks of identity theft, use of data to create profiles, surveillance and fraud.

17.2 The protection of personal data has been the subject of action at EC level in the form of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Data Protection Directive),[45] and Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (the Directive on privacy and electronic communications).[46] Where data is exchanged on a world-wide basis, the effectiveness of such rules can be limited for practical and jurisdictional reasons.

17.3 However, the risks to personal data may also be reduced by technical means, often referred to as privacy-enhancing technologies (PETs). These minimise the collection and use of personal data without affecting the functioning of the information system, and so help to make more difficult any breach of data protection rules or invasion of privacy.

The Commission Communication

17.4 The Communication from the Commission describes PETs, before turning to the means the Commission intends to employ to support their development and use. Examples of PETs given in the Communication include systems for the automatic anonymisation of data (so that any data which is processed after a lapse of time is no longer kept in a form which allows the data-subject to be identified), encryption of data and 'cookie-cutters' (i.e. means of blocking cookies placed on a individual's PC ). A further PET is a Platform for Privacy Preferences (P3P), which allows internet users to analyse the privacy policies of particular websites so as to ensure that the user can give informed consent to the use of his data.

17.5 The Commission considers that PETs should be developed and used more widely, believing them to be complementary to the existing legal framework. Nevertheless, the Commission also notes that they should not be used to prevent law enforcement or other competent authorities from intervening in the lawful exercise of their functions in respect of some important public interest such as dealing with 'cybercrime', preventing terrorism or the spread of contagious disease.

17.6 The Commission calls on data controllers to incorporate PETs more widely and on national authorities and the private sector to invest in their development. The Commission will also seek to encourage interested parties to meet to discuss the use of PETs, but will also assess the need to develop standards for the lawful processing of personal data with PETs. This may lead to standardisation through European and international standards organisations, or the coordination of national technical rules on security measures for data processing.

17.7 National authorities are also urged to use PETs to the widest possible extent in the electronic provision of government services. The Commission states that it will ensure that it complies with the requirements of Regulation (EC) No 45/2001 through a wider use of PETs in applications involving the use of personal data.[47]

17.8 A final section of the Communication is concerned with the interests of consumers. The Communication calls for simple and understandable information to be made available to allow an informed choice to be made when purchasing hardware and software or when using electronically provided services. The Commission will also investigate the feasibility of an EU-wide system of "privacy seals" as a means of certifying that a given product ensures the protection of data , in particular by incorporating appropriate PETs.

The Government's view

17.9 In her Explanatory Memorandum of 8 June the Parliamentary Under-Secretary of State at the Ministry of Justice (Baroness Ashton of Upholland) acknowledges the Commission's view that PETs can play a role in helping individuals to protect their privacy. However the Minister also points out that the Government is also mindful of the need to ensure that use of PETs does not prevent law enforcement agencies or other relevant authorities from fulfilling their lawful duties, and points to the example of a PET being used to prevent the police from discovering the identity of a person carrying on illegal activities by means of the internet.

17.10 The Minister adds that the use of PETs, particularly with regard to data processed through information and communication networks, should be considered on a case-by-case basis and that the Government look forward to further Communications on this subject as the Commission's work develops.

Conclusion

17.11 We agree with the Minister that the use of privacy-enhancing technology can be useful to protect the privacy of individuals and is to be encouraged, subject to any overriding public interest, such as the detection or prevention of serious crime.

17.12 We note that the Commission makes no proposals for legislation at this stage. Given the likelihood that solutions for the protection of privacy will be market-led, it is our view that regulation in this area at EU level needs particular justification.

17.13 We now clear this document.

46   OJ No. L 201 of 31.07.02, p37. Back

47   The Commission is bound by the terms of the Regulation in any event. Back