European Union has enacted both the Data Protection Directive of 1995 (46/EC) as well as the Internet Privacy Law of 2002 (58/EC). These were developed to create standards among EU member states, as diverging laws were impeding the free flow of data within the EU. These Directives reflect broad personal privacy laws throughout Europe, and cover the electronic processing and storage of personal information.
- Notice—that personal data is being collected
- Purpose—data should only be used for stated purposes
- Consent—data should not be disclosed without the subject’s consent
- Security—collected data should be kept secure from any potential abuses
- Disclosure—subjects should be informed as to who is collecting their data
- Access—subjects should be allowed to access their data and make corrections to any inaccurate data
- Accountability—data subjects should have a method available to them to hold data collectors accountable for following the above principles.
Most of the 28 EU countries have established privacy laws that reflect the EU Directives, although there are regional differences in how these are interpreted.