Within the EU there is a body with the catchy title of “Working Party on the Protection of Individuals
with regard to the Processing of Personal Data”, this group produces guidelines and policy in relation to personal data on every thing from the police to direct sales.
Despite a name that just rolls off the tongue, the Working Party are often known simply as “Article 29 Working Party“, this is because they were formed under Article 29 of the even more catchy “Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data”
Article 29 states that:
- A Working Party on the Protection of Individuals with regard to the Processing of Personal Data, hereinafter referred to as ‘the Working Party’, is hereby set up.
It shall have advisory status and act independently.
- The Working Party shall be composed of a representative of the supervisory authority or authorities designated by each Member State and of a representative of the authority or authorities established for the Community institutions and bodies, and of a representative of the Commission.
Each member of the Working Party shall be designated by the institution, authority or authorities which he represents. Where a Member State has designated more than one supervisory authority, they shall nominate a joint representative. The same shall apply to the authorities established for Community institutions and bodies.
- The Working Party shall take decisions by a simple majority of the representatives of the supervisory authorities.
- The Working Party shall elect its chairman. The chairman’s term of office shall be two years. His appointment shall be renewable.
- The Working Party’s secretariat shall be provided by the Commission.
- The Working Party shall adopt its own rules of procedure.
- The Working Party shall consider items placed on its agenda by its chairman, either on his own initiative or at the request of a representative of the supervisory authorities or at the Commission’s request.
Even back in 1997, just a few years after the Article 29 WP, was set up it published a report identifying the problems of companies collecting large amounts of data about EU citizens.
The report entitled, Anonymity on the Internet, stated that:
Over the past 25 years it has become apparent that one of the greatest threats to this fundamental
right to privacy is the ability for organisations to accumulate large amounts of information about
individuals, in a digital form which lends itself to high-speed (and now very low-cost) manipulation,
alteration and communication to others. Concerns about this development and the potential misuse
of such personal data has led all European Member States (and now the Community with directive
95/46/EC) to adopt specific data protection laws which set down a framework of rules governing
the processing of personal information.
Over the past decade with the development of the data protection laws within the EU and its member states, Article 29 WP has continued to push for better privacy and protection for inidivuals.
In 2008 Article 29 WP started to push the search engines to reduce the amount of data they retain from EU citizens, with a push for the data to be stored no longer than 6 months. Google has reduced its data retention to 18 months, Microsoft is considering 6 months, and Yahoo! has stated it will go as low as 3 months.