Comments of the EU DATA PROTECTION COMMISSIONERS of December 1996 on GREEN PAPER ON LIVING AND WORKING IN THE INFORMATION SOCIETY COM(96) 389

There is a framework of law relating to data protection intended to protect the fundamental rights of individuals. That framework can in particular be found in the EU- Data Protection Directive 95/46/EC, the common position on the draft directive on the protection of privacy and personal data in telecommunications sector, and the Council of Europe Data Protection Convention (Treaty series 108) of 1981. It is in that context that the EU Data Protection Commissioners express a special interest in this green paper which derives from the fact that the emerging information society poses new challenges to data protectors. It was also recognised in the Bangemann report that "the demand of privacy will rightly increase as the potential of the new technologies to secure, and to manipulate detailed information on individuals from data voice and image sources is realised". Whilst fully supporting the development of new technologies which will facilitate information gathering and communication, we wish to draw attention to the data protection implications related to the use of these technologies in the information society.

As the paper focuses on improving the citizens' quality of life, we would expect to see references to the risks the information society brings with regard to privacy and the handling of personal data. The paper rightly mentions the problem of ensuring equal access to on-line services. The circulation of racist and pornographic material on the Internet is also considered as a negative aspect of the Information society. There are, however, other risks which should be identified so that fundamental rights and freedoms of citizens as well as users' and consumer rights can be protected in the information society.

Electronic government

The concept of electronic government has some real benefits to the individual. We welcome the fact that services can be provided 24 hours of the day, and that there is an opportunity to deal with the government anonymously. Accessing the information without revealing identity can be achieved by using privacy enhancing technologies such as encryption, pseudonyms or digital signatures.

Data protection problems arise if the individual's use of electronic government is to be logged and profiled. The person supplying personal data should be informed of the purposes for which his / her data are being collected and the uses to which these data will be put.

Internet

It would be helpful to give some thought to the highly insecure nature of the Internet. Citizens should be informed of the risks involved in disclosing personal or confidential data, and the fact that details of use can be recorded by service providers. We would expect to see some comments on the need to enhance the awareness of privacy considerations in this field.

Work

We would hope to see a mention of the data protection problems relating to working from home. It should be emphasised that personal data and employment related data must be kept separately, and that the employer must not have access to the worker's personal data, or the employee's family have access to employment related data.

New technologies also have implications in the workplace. The development of applications of multimedia workspaces anticipate a cultural change. Are the citizens of the European Union mentally prepared for such a change or even aware of the developments? Can technique be developed to ensure that systems are implemented in a way which reflects the natural social protocols which currently protect personal privacy at work?

New technologies in retailing

New developments in retailing, such as supermarket loyalty card schemes, enable the capture of personal data, the creation of data profiles of individuals and the use of that data for direct marketing purposes. The implementation of these new technologies must not lead to a situation where the customer does not know the purposes for which his / her personal data are being collected and any use that will be made of those data.

In Addition to these comments it might be useful to acknowledge the fact that a large number of the EU citizens are not prepared for, or informed about the information society, and therefore may not realise how their personal data could be treated in the future. It should be emphasised that any educational programmes or action plans adopted by the European Commission which relate to the information society ought to include some information of the relevant data protection matters.