With more advanced technologies coming into use every year, legislation can often fail to keep up with the developments in the world of IT. Think of the Computer Misuse Act, for example, rarely updated as often as the PCs it aims to protect.
The European data protection supervisor (EDPS) is the man in charge of monitoring just how well - or badly - the EU and its member states are safeguarding their citizens' privacy in the tech sphere and beyond. Now some halfway through his five-year tenure, current EDPS Peter Hustinx told silicon.com that there remain areas where the Union needs to tackle its privacy problems.
One of the most controversial pieces of legislation in recent years in the tech arena, the data retention directive - which obliges ISPs and other communications providers to keep details of customers' phone calls, texts and emails for up to two years - attracted criticism from the office of the EDPS over data protection issues.
With the directive now law across EU, Hustinx believes the lawmakers have not protected the privacy of Europeans.
"The framework for e-communications is being looked at and revised," he said. "A recent piece of legislation - the data retention directive - turned the rules upside down. We were not very pleased with that - we still think there is too little in terms of safeguards."
According to the EDPS, the legislation must be scrutinised to see how effectively it is fulfilling its mandate. Home Secretary Charles Clarke in particular championed the need for more invasive data retention laws, saying the directive was necessary in order to prevent terrorism.
"For the next step we should examine how it is working. There have been some very pointed criticisms on cost," Hustinx noted.
"I would like to see good evidence that it is working," he added.
The terrorist attacks in the US, Madrid and London during the past few years have dramatically coloured the political landscape and spurred the adoption of legislation, such as the data protection directive and the UK government's ID cards bill, that encroach further into the private lives of individuals.
However, Hustinx believes that EU citizens will start to resist such measures.
"I believe that politicians, people - you, I, everyone else - have to be aware of the real threats. At the same time, that is not going to justify disproportionate solutions - it is going to hurt the texture of trust and confidence... I think we have reached a point that more and more people start wondering whether legislation is getting excessive and that is a good thing. We have to build in safeguards and keep asking the question of 'is this necessary?'."
Hustinx also has his reservations about biometrics, currently being built into numerous databases across Europe, including the UK's own ID cards system and its accompanying national identity register.
He recently published an Opinion document on the use of biometrics in the EU branding them "unreliable".
"I'm not saying biometrics are bad," he told silicon.com. "If ecommerce and e-government are take off, which is desirable and quite likely, biometrics must play a role."
However, the EDPS discouraged member states from using biometrics technology as a unique identifier for their citizens. "Biometrics are not as reliable as one would like - there is a margin of doubt. We need fallback procedures; that is very important. There also needs to be standards as to the way biometrics are collected and used.
"There is a certain tendency to use [biometrics] not only in a specific context, for providing identification, but also to use it as a primary key across different databases. It is not the key to do that - if we do that, we will multiply problems," he said.
RFID is another up-and-coming technology that has attracted the attention of Europe and civil liberties groups alike.
According to Hutinx, RFID has its place - and that place is not near the public.
"RFID is used to deal with logical processes. The important question here is where is it going to affect people?" the EDPS said. "As long as it is used in transport, it stays away from people, apart from those in the transport industry. When people buy goods and it is used for track and trace, there are some very vital questions," he said.
Hustinx will remain European data protection supervisor until 2009, by which time, he hopes data protection will have gone beyond a mere lawmakers' duty to become a commercial advantage.
"Technology will have developed further, there will be more internet-supported communications and I expect by then there will be safeguards built in. I think privacy and data protection will become selling points."
"Data protection is not cast in stone," Hustinx added. "With new environments and new technologies, we have to ask new questions. If [data protection] is overlooked, that usually leads to problems."
Leader: Free as in broadband
Leader: A 500,000 Microsoft device deal - so what?
Leader: Getting IT right isn't child's play
The Weekly Round-Up: 07.04.06