Data Protection

DEFINITION

Data protection refers to any personal data that is gathered or processed. Data protection is a very European concept, based on the one hand on the privacy as fundamental right of each indivdual as laid down int he European Human Rights Charter, and on the other hand, on the concept of free movement of such data. Rules that govern Data Protection in the EU are laid down in the Directive 95/46/EC.

IMPACT ON e-BUSINESS

Data Protection is most relevant in connection with client data (where an individual person) and consumer rights (where the client is a consumer) but can play a role in relation to employees as well. Data processing (that is, the collection of data like, name, address, contact details, consumer profile) is subject to 3 principles: transparency, legitimate purpose and proportionality.

Transparency
The person whose data are to be processed knows about it, agrees, can have access to his/her data and modify them.

Legitimate purpose
The data collected are for a specified explicit and legitimate purpose, e.g. to send the purchased product to the client. These data may not be used for other purposes unless the person agrees.

Proportionality
No data not directly linked or not directly necessary to the legitimate purpose may be collected.
Example: You sell on-line products and for this purpose you have a database of your individual clients (=persons; B2C= business to consumers). In legal terminology, you are the data "controller", the clients are the data "subjects". These data are for the sole business purpose, e.g. to send the product to them. If you wish to use the data to send them information on, let's say, promotions, you need their PRIOR consent (e.g. to send them advertising on the promotion). Otherwise, this advertising can be considered spam. However, if your clients are other companies (B2B = business to business), you may use their data for advertising a promotion as long as it is related to your already existing business relation. That means, if you sold them software, you are not legitimated to advertise, let's say, a wine promotion campaign to them.

MORE ON DATA PROTECTION

Sensitive data, such as data on the person's religion or health, are subject to stricter rules. These data are relevant wherever patients data are coleclted and processed automatically.

Personal data may only be transferred to third countries if that country provides an adequate level of protection. The USA as major trading partner of European companies provides what is called "Safe harbour principle" that is disputably adequate.
Enterprises from outside Europe consider European data protection law as a major barrier to effectively running a cross-border business.

PRACTICAL LINKS

WIKEPEDIA article on Data privacy
Protection of personal data in the Information Society

Personal data protection:

ec.europa.eu/justice_home/fsj/privacy/index_en.htm

Protection of individuals with regard to the processing of personal data and on the free movement of such data
europa.eu.int/eur-lex/lex/LexUriServ/LexUriServ.do

It has been implemented in national legislation of EU Member States:

www.europa.eu.int/comm/justice_home/fsj/privacy/law/implementation_en.htm

www.europa.eu.int/comm/justice_home/fsj/privacy/

RELATED ISSUES

Privacy
Consumer Protection
B2B
B2C

Average rating

(3 votes)

Login or register to post comments
Printer-friendly version

User login

Search in the Lexelerator website

Search in the Lexelerator website and in other relevant websites

Subscribe here to our RSS Feeds

_{Lexelerator is funded by the EU in the context of the LEKTOR project}