Brussels, 14 April 2009
"Europeans must have the right to control how their personal information is used," said Viviane Reding, the EU's Commissioner for Information Society and Media, announcing several areas in which the Commission is ready to act to maintain this right as technology trends make it easier to use, and misuse, personal information. She warned that the EU would take action where Member States fail to implement EU rules ensuring privacy and the need for a person's consent before processing his or her personal data.
"European privacy rules are crystal clear: a person's information can only be used with their prior consent. We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored in exchange for a promise of 'more relevant' advertising! I will not shy away from taking action where an EU country falls short of this duty," said Commissioner Reding in her video message.
Viviane Reding also warned that Radio Frequency IDentification (RFID), the smart chips integrated in products to send radio signals, would only realise their economic potential "if they are used by the consumer and not on the consumer. No European should carry a chip in one of their possessions without being informed precisely what they are used for, with the choice to remove or switch it off at any time."
The Commissioner also called on social networking companies to reinforce privacy protection online: "Privacy must in my view be a high priority for social networking providers and their users. I firmly believe that at least the profiles of minors must be private by default and unavailable to internet search engines. The European Commission has already called on social networking sites to deal with minors' profiles carefully, by means of self-regulation. I am ready to follow this up with new rules if I have to."
The EU Directive on privacy and electronic communications requires EU Member States to ensure confidentiality of the communications by prohibiting unlawful interception and surveillance unless the users concerned have given their consent (Article 5(1) of Directive 2002/58/EC). The EU Data Protection Directive specifies that a person must freely give specific consent and be informed before their personal information is processed (Article 2(h) of Directive 95/46/EC).
Last February the Commission brokered an agreement between 17 major social networking companies to improve privacy, especially of minors, on social networking websites (IP/09/232). In this agreement companies recognised their responsibility to ensure child safety and committed to enabling and encouraging users to employ a safe approach to personal information and privacy. Later this month they will inform the Commission about their individual safety policies and how they will put in place the principles in the agreement.
Commissioner Reding's video message is available at: