Tuesday, April 29, 2008
[IWS] Eurobarometer: DATA PROTECTION in the EU: DATA CONTROLLERS' PERCEPTIONS [February 2008]
IWS Documented News Service
_______________________________
Institute for Workplace Studies----------------- Professor Samuel B. Bacharach
School of Industrial & Labor Relations-------- Director, Institute for Workplace Studies
Cornell University
16 East 34th Street, 4th floor---------------------- Stuart Basefsky
New York, NY 10016 -------------------------------Director, IWS News Bureau
________________________________________________________________________
European Commission >> Eurobarometer
Survey conducted by The Gallup Organization Hungary upon the request of Directorate- General Justice, Freedom and Security
Flash Eurobarometer Series
#226
Data Protection in the European Union: Data Controllers' Perceptions [February 2008]
http://ec.europa.eu/public_opinion/flash/fl_226_en.pdf
[full-text, 129 pages]
[excerpts]
Main findings
Perceptions about the current data protection legislation
A majority of people responsible for data protection issues within companies (56%) said they
were somewhat familiar with the provisions of the data protection law. However, only 13%
claimed to be very familiar with this law.
An equally large proportion of respondents (56%) considered the protection level offered to
citizens by their respective national data protection laws as 'medium'. Twenty-eight percent
said the protection level was 'high' and only 11% indicated that it was 'low'.
Results by country showed important disparities between Member States, and the percentage of
respondents saying that the level of protection offered to citizens by national data protection
laws was 'high' ranged from 8% (Portugal) to 56% (Slovenia).
Half of the respondents in the EU believed that legislation could not cope with the increasing
amount of personal information being exchanged. Only 5% of respondents thought that the
existing legislation concerning data protection was very well suited.
Only in six Member States did a majority of interviewees indicate that the existing legislation on
data protection was very well, or rather well, suited to cope with the increasing volumes of
personal information being exchanged.
Individuals responsible for data protection issues generally made a positive evaluation of the
requirements of the data protection laws: 91% rather agreed that the requirements of the data
protection law were necessary in order to guarantee a high level of protection for consumers and
the fundamental rights of citizens, only 35% thought that the requirements of the data protection
law were too strict and 28% believed that the requirements of the data protection law were
unnecessary except for certain sectors of activity.
Concerning the implementation and interpretation of the national data protection laws across
the EU, opinions were divided: 38% agreed there was sufficient harmonisation of data
protection laws across Member States to allow personal data to be freely exchanged within
the EU, compared to 33% who did not agree; a third (33%) thought that the data protection law
was interpreted and applied more rigorously in their country than in other Member States, while
a quarter (25%) said the opposite.
A significant group of respondents were not able to judge if Member States' data protection
laws were adequately harmonised (29%) or found it extremely difficult to assess whether their
national data protection laws had been introduced more rigorously than in other Member States
(42%).
In-house practices relating to data protection and personal data transfer
The usage of privacy enhancing technologies (PETs)
More or less half of the data controllers interviewed throughout the EU (52%) stated that they
used Privacy Enhancing Technologies (PETs) in their company. Fourteen percent said that PETs
were not used because they had never heard of them.
The individual country results again showed significant variation; while three-quarters of
Swedish companies used PETs (74%), only slightly more than a quarter of Czech companies did
so (28%).
Transfer of personal data via the Internet
Two-thirds of respondents throughout the EU (65%) indicated that their company transferred
personal data via the Internet. The proportion of companies that made such transfers ranged
from 13% in Germany to 59% in Slovakia.
The Gallup Organization Flash Eurobarometer No 226 Data protection perceptions among data controllers
One in three respondents (32%) admitted that their company did not take any security measures
when transferring personal data over the Internet.
Transfer of personal data to countries outside of the EU
Only a minority of respondents indicated that their company transferred personal data to
countries outside of the EU (10%).
Among companies that transferred personal data to non-EU countries, almost half of
respondents (46%) indicated that this data mostly concerned clients' or consumers' data for
commercial purposes, and 27% said it was human resources data for HR purposes.
Emails were by far the most preferred channel for the transfer of personal data to countries
outside of the EU; 78% of respondents said that in their company, personal data was transferred
via email.
Only one in three respondents, who had indicated that their company transferred data to non-EU
countries, were familiar with the expression "standard contractual clauses" (34%).
Recent experiences with privacy policy and data protection
Companies' experiences with access requests and complaints
Almost half of the interviewees (46%) indicated that their company had received requests for
access to personal data last year, but only a minority of them said that their company had
received more than 50 such requests.
The results by country showed that, among the companies that had received access requests last
year, in most Member States the majority had received less than 10. The exceptions were Italy
and Austria.
Only 3% of respondents answered that their company had received complaints from individuals
whose data was currently being processed.
Privacy policy notices
Four out of 10 respondents in the EU (41%) answered that their company maintained and
updated a privacy police notice and 17% of interviewees said that their company monitored how
frequently their privacy policy notice was examined by the public.
Almost all respondents in Italy claimed that their company maintained and updated a privacy
policy notice (96%), while only 10% of Austrian companies said the same.
Italian companies were also the most likely to say that public examination of such notices was
monitored (65%), while in Hungary (2%) and the Czech Republic (3%) almost no one said their
company did this.
Contacts with the national data protection authority
At the EU27 level, 13% of interviewees said they were in regular contact with the national data
protection authority in their country.
Regular contact with the national authority was most likely in Italy (41% of companies), but it
practically never occurred in Austria (only 1% of respondents were in regular contact with the
authority), Hungary (2%) and Sweden (3%).
The largest groups of respondents said they were either looking for advice when contacting their
national data protection authority (60%) or that they had made contact in regard to notifications
(56%).
AND MORE.....
Table of Contents
Table of Contents ................................................................................................................................. 3
Introduction .......................................................................................................................................... 4
Main findings ........................................................................................................................................ 6
1. Perceptions about national data protection legislation .................................................................. 9
1.1 Familiarity with the provisions of national data protection laws .................................................. 9
1.2 Data controllers' assessments of the data protection legislation ................................................. 10
1.2.2 Level of protection offered by the national data protection laws ......................................... 10
1.2.2 The current legislation and the amount of personal information being exchanged ............. 12
1.3 Attitudes towards the requirements of the data protection law ................................................... 15
1.4 Views on the implementation and interpretation of the legislation ............................................. 20
2. In-house practices relating to data protection and personal data transfer ................................ 24
2.1 The usage of privacy enhancing technologies (PETs) ................................................................. 24
2.2 Transfer of personal data via Internet and related security measures .......................................... 26
2.3 Transfer of personal data outside the EU .................................................................................... 28
2.3.1 Transfer of personal data outside the EU ............................................................................ 28
2.3.2 Type of data transferred ....................................................................................................... 30
2.3.3 Way to transfer data outside the EU .................................................................................... 31
2.3.4 Awareness of the expression "standard contractual clauses" ............................................. 32
3. Recent experiences with privacy policy and data protection ...................................................... 34
3.1 Companies' experiences with access requests and complaints ................................................... 34
3.1.1 Requests to access personal data ......................................................................................... 34
3.1.2 Reception of complaints from data subjects ......................................................................... 36
3.2 Privacy policy notices ................................................................................................................. 36
3.3 Contacts with the national data protection authority ................................................................... 39
4. The Future of the legal framework on data protection ................................................................ 41
5. Data protection in the light of international terrorism ................................................................ 47
I. Annex Tables ................................................................................................................................... 54
II. Survey Details ............................................................................................................................... 119
III. Questionnaire .............................................................................................................................. 123
______________________________
This information is provided to subscribers, friends, faculty, students and alumni of the School of Industrial & Labor Relations (ILR). It is a service of the Institute for Workplace Studies (IWS) in New York City. Stuart Basefsky is responsible for the selection of the contents which is intended to keep researchers, companies, workers, and governments aware of the latest information related to ILR disciplines as it becomes available for the purposes of research, understanding and debate. The content does not reflect the opinions or positions of Cornell University, the School of Industrial & Labor Relations, or that of Mr. Basefsky and should not be construed as such. The service is unique in that it provides the original source documentation, via links, behind the news and research of the day. Use of the information provided is unrestricted. However, it is requested that users acknowledge that the information was found via the IWS Documented News Service.
Stuart Basefsky
Director, IWS News Bureau
Institute for Workplace Studies
Cornell/ILR School
16 E. 34th Street, 4th Floor
New York, NY 10016
Telephone: (607) 255-2703
Fax: (607) 255-9641
E-mail: smb6@cornell.edu
****************************************
_______________________________
Institute for Workplace Studies----------------- Professor Samuel B. Bacharach
School of Industrial & Labor Relations-------- Director, Institute for Workplace Studies
Cornell University
16 East 34th Street, 4th floor---------------------- Stuart Basefsky
New York, NY 10016 -------------------------------Director, IWS News Bureau
________________________________________________________________________
European Commission >> Eurobarometer
Survey conducted by The Gallup Organization Hungary upon the request of Directorate- General Justice, Freedom and Security
Flash Eurobarometer Series
#226
Data Protection in the European Union: Data Controllers' Perceptions [February 2008]
http://ec.europa.eu/public_opinion/flash/fl_226_en.pdf
[full-text, 129 pages]
[excerpts]
Main findings
Perceptions about the current data protection legislation
A majority of people responsible for data protection issues within companies (56%) said they
were somewhat familiar with the provisions of the data protection law. However, only 13%
claimed to be very familiar with this law.
An equally large proportion of respondents (56%) considered the protection level offered to
citizens by their respective national data protection laws as 'medium'. Twenty-eight percent
said the protection level was 'high' and only 11% indicated that it was 'low'.
Results by country showed important disparities between Member States, and the percentage of
respondents saying that the level of protection offered to citizens by national data protection
laws was 'high' ranged from 8% (Portugal) to 56% (Slovenia).
Half of the respondents in the EU believed that legislation could not cope with the increasing
amount of personal information being exchanged. Only 5% of respondents thought that the
existing legislation concerning data protection was very well suited.
Only in six Member States did a majority of interviewees indicate that the existing legislation on
data protection was very well, or rather well, suited to cope with the increasing volumes of
personal information being exchanged.
Individuals responsible for data protection issues generally made a positive evaluation of the
requirements of the data protection laws: 91% rather agreed that the requirements of the data
protection law were necessary in order to guarantee a high level of protection for consumers and
the fundamental rights of citizens, only 35% thought that the requirements of the data protection
law were too strict and 28% believed that the requirements of the data protection law were
unnecessary except for certain sectors of activity.
Concerning the implementation and interpretation of the national data protection laws across
the EU, opinions were divided: 38% agreed there was sufficient harmonisation of data
protection laws across Member States to allow personal data to be freely exchanged within
the EU, compared to 33% who did not agree; a third (33%) thought that the data protection law
was interpreted and applied more rigorously in their country than in other Member States, while
a quarter (25%) said the opposite.
A significant group of respondents were not able to judge if Member States' data protection
laws were adequately harmonised (29%) or found it extremely difficult to assess whether their
national data protection laws had been introduced more rigorously than in other Member States
(42%).
In-house practices relating to data protection and personal data transfer
The usage of privacy enhancing technologies (PETs)
More or less half of the data controllers interviewed throughout the EU (52%) stated that they
used Privacy Enhancing Technologies (PETs) in their company. Fourteen percent said that PETs
were not used because they had never heard of them.
The individual country results again showed significant variation; while three-quarters of
Swedish companies used PETs (74%), only slightly more than a quarter of Czech companies did
so (28%).
Transfer of personal data via the Internet
Two-thirds of respondents throughout the EU (65%) indicated that their company transferred
personal data via the Internet. The proportion of companies that made such transfers ranged
from 13% in Germany to 59% in Slovakia.
The Gallup Organization Flash Eurobarometer No 226 Data protection perceptions among data controllers
One in three respondents (32%) admitted that their company did not take any security measures
when transferring personal data over the Internet.
Transfer of personal data to countries outside of the EU
Only a minority of respondents indicated that their company transferred personal data to
countries outside of the EU (10%).
Among companies that transferred personal data to non-EU countries, almost half of
respondents (46%) indicated that this data mostly concerned clients' or consumers' data for
commercial purposes, and 27% said it was human resources data for HR purposes.
Emails were by far the most preferred channel for the transfer of personal data to countries
outside of the EU; 78% of respondents said that in their company, personal data was transferred
via email.
Only one in three respondents, who had indicated that their company transferred data to non-EU
countries, were familiar with the expression "standard contractual clauses" (34%).
Recent experiences with privacy policy and data protection
Companies' experiences with access requests and complaints
Almost half of the interviewees (46%) indicated that their company had received requests for
access to personal data last year, but only a minority of them said that their company had
received more than 50 such requests.
The results by country showed that, among the companies that had received access requests last
year, in most Member States the majority had received less than 10. The exceptions were Italy
and Austria.
Only 3% of respondents answered that their company had received complaints from individuals
whose data was currently being processed.
Privacy policy notices
Four out of 10 respondents in the EU (41%) answered that their company maintained and
updated a privacy police notice and 17% of interviewees said that their company monitored how
frequently their privacy policy notice was examined by the public.
Almost all respondents in Italy claimed that their company maintained and updated a privacy
policy notice (96%), while only 10% of Austrian companies said the same.
Italian companies were also the most likely to say that public examination of such notices was
monitored (65%), while in Hungary (2%) and the Czech Republic (3%) almost no one said their
company did this.
Contacts with the national data protection authority
At the EU27 level, 13% of interviewees said they were in regular contact with the national data
protection authority in their country.
Regular contact with the national authority was most likely in Italy (41% of companies), but it
practically never occurred in Austria (only 1% of respondents were in regular contact with the
authority), Hungary (2%) and Sweden (3%).
The largest groups of respondents said they were either looking for advice when contacting their
national data protection authority (60%) or that they had made contact in regard to notifications
(56%).
AND MORE.....
Table of Contents
Table of Contents ................................................................................................................................. 3
Introduction .......................................................................................................................................... 4
Main findings ........................................................................................................................................ 6
1. Perceptions about national data protection legislation .................................................................. 9
1.1 Familiarity with the provisions of national data protection laws .................................................. 9
1.2 Data controllers' assessments of the data protection legislation ................................................. 10
1.2.2 Level of protection offered by the national data protection laws ......................................... 10
1.2.2 The current legislation and the amount of personal information being exchanged ............. 12
1.3 Attitudes towards the requirements of the data protection law ................................................... 15
1.4 Views on the implementation and interpretation of the legislation ............................................. 20
2. In-house practices relating to data protection and personal data transfer ................................ 24
2.1 The usage of privacy enhancing technologies (PETs) ................................................................. 24
2.2 Transfer of personal data via Internet and related security measures .......................................... 26
2.3 Transfer of personal data outside the EU .................................................................................... 28
2.3.1 Transfer of personal data outside the EU ............................................................................ 28
2.3.2 Type of data transferred ....................................................................................................... 30
2.3.3 Way to transfer data outside the EU .................................................................................... 31
2.3.4 Awareness of the expression "standard contractual clauses" ............................................. 32
3. Recent experiences with privacy policy and data protection ...................................................... 34
3.1 Companies' experiences with access requests and complaints ................................................... 34
3.1.1 Requests to access personal data ......................................................................................... 34
3.1.2 Reception of complaints from data subjects ......................................................................... 36
3.2 Privacy policy notices ................................................................................................................. 36
3.3 Contacts with the national data protection authority ................................................................... 39
4. The Future of the legal framework on data protection ................................................................ 41
5. Data protection in the light of international terrorism ................................................................ 47
I. Annex Tables ................................................................................................................................... 54
II. Survey Details ............................................................................................................................... 119
III. Questionnaire .............................................................................................................................. 123
______________________________
This information is provided to subscribers, friends, faculty, students and alumni of the School of Industrial & Labor Relations (ILR). It is a service of the Institute for Workplace Studies (IWS) in New York City. Stuart Basefsky is responsible for the selection of the contents which is intended to keep researchers, companies, workers, and governments aware of the latest information related to ILR disciplines as it becomes available for the purposes of research, understanding and debate. The content does not reflect the opinions or positions of Cornell University, the School of Industrial & Labor Relations, or that of Mr. Basefsky and should not be construed as such. The service is unique in that it provides the original source documentation, via links, behind the news and research of the day. Use of the information provided is unrestricted. However, it is requested that users acknowledge that the information was found via the IWS Documented News Service.
Stuart Basefsky
Director, IWS News Bureau
Institute for Workplace Studies
Cornell/ILR School
16 E. 34th Street, 4th Floor
New York, NY 10016
Telephone: (607) 255-2703
Fax: (607) 255-9641
E-mail: smb6@cornell.edu
****************************************
# posted by SBasefsky : 1:38 PM
