Data protection audit and data protection issues in the telecom sector
In connection with data protection audit, new solutions have arisen and have been observed, one significant example is the EuroPrise, the European Privacy Seal, which is a special audit project. During the audit, companies often follow foreign samples, methods, practices for a more effective operation. Purposes can be reached by not infringing the right to data protection, other personality rights and by serving the interests of the company at the same time.
Data processing occurs in context with other legal relations, and within a comprehensive scheme, where it serves a specific purpose. The principle that the data processing has to be completed by a specific purpose is emphasized by the Act LXIII of 1992 on the protection of personal data and public access to data of public interest (DPAct) and by the Constitution of the Republic of Hungary.
Data protection audit may serve as a solution for complying with standards of adequate data protection, a basis for a constructive approach, which has already been realised by the companies too.
The data protection audit is very widespread and has a high importance in the EU too. The legal background is the already mentioned 95/46/EC directive, which has strict requirements, as it orders quality assurance and uniform standards.
The DPAct regulates in the scope of data security that the data controller shall take all technical and organisational measures and elaborate the rules of procedure necessary to inforce compliance with the Act. It makes obligatory for certain data controllers to appoint an internal data protection officer and the developement of data protection and data security rules. Typical areas of data protection audit are the following: electronic telecommunications, financial relations, employment, direct marketing, insurance.
The purposes of the audit are to comply with the legal regulations, technical requirements of data security, information security, protection of business secrets, observation of interests and purposes. The aim of audit is to give assurance that the data controlling complies with laws and ensures conformity between the effective operation and data protection, and data security. The main areas to be dealt with in general are the following: specifying the target of audit, choosing the person for performing the audit, specifying the method, overview the areas and issues, draw the inference relating the results and the follow up.
The EuroPrise project introduces a trans-European privacy seal issued by independent third parties certifying compliance of IT-products and IT-based services with European regulations on privicy and data protection and security. It provides a transparent procedure and reliable criteria, it visualizes that a product has been checked and approved by an independent privacy organisation, fosters consumer protection and provides a marketing incentive to manufacturers and vendors to privacy relevant goods and services.
The EuroPrise consortium is lead by the Independent Centre for Privacy Protection Schleswig-Holstein, in Germany. The pilot project of EuroPrise is financed by the European Commission, as it has not decided, whether to introduce the Seal uniformly.
The other very important level where the telecom sector may seek recommendations is the above mentioned International Working Group on Data Protection in Telecommunictaions. It was founded in 1983, and has adopted numerous recommendations aimed at improving the protection of privacy in telecommunications.
The social network services focus on the building and verifying of online social networks for communities of people who share interests and activities or who are interested in exploring the interests and activities of others. Most services are primarily web-based and provide a collection on various ways for users to interact. It can make recommendations to regulators, providers, and in particular to users of social network services.