Consumer Privacy Protection in the European Union
With the development of automated information systems, consumers’ decisions can be made based on models of individuals’ preferences without any personal interaction. This raises serious concerns regarding data-privacy protection. Up-to-date legislation and appropriate technological measures are needed to enhance lawful access, process, and storage of sensitive personal data under automated information systems. This chapter provides the general interpretation of the requirements of security, personal data breach notification systems, and enforcement mechanisms according to the EU data privacy protection legislation. It aims to examine and evaluate whether the EC Data Protection Directive in 1995 and the new EC e-Privacy Directive amended by the Directive 2009/136/EC are sufficient to ensure the security of the future development of automated information systems that automatically capture, process, store, and analyse sensitive personal data across the EU countries. It discusses the impact of the EC directives to business organizations and proposes solutions to enhance the protection of users’/consumers’ privacy from a legal perspective.