Following the public consultation and the meeting of the Commission for the rights and duties related to the Internet, on July 14, 2015 a new internet bill of rights declaration has been published.
The declaration has been defined as a constitution that seeks to integrate both rights already recognized by national and international regulations and theoretical principles which are not included in normative documents.
Topics covered range from “net neutrality” to “right to be forgotten”, however, focusing on the aspects related to personal data protection, it should be noted that Internet can be a source of threats for personal data.
For this reason, one of the purposes of the bill of rights is to protect the data processed and thus ensure the protection of dignity, identity and privacy of people within internet.
In particular, rights and principles already defined by the new European Data Protection Regulation draft are:
- necessity, purpose, relevance and proportionality
- informed consent (and withdrawal)
- balance of power between those who process the data and the data subject
- right of access / modification / deletion (with particular reference to the internet platforms such as social networks)
- personal data retention period
- right to be forgotten
Regarding the right to be forgotten, the declaration acknowledges the right recognized by the court of Justice of the European Union in its judgment of May 2014, in which is ratified the right to obtain the deletion from search engines indexes of the information related to the data subject. In any case, the right to be forgotten should not compromise the freedom of research and the right of the public to be informed.
In addition to the concepts and principles already expressed, the declaration ratifies the inviolability of communications (except in cases established by law for criminal investigations needs), and the protection of anonymity (that can be ensured using technical measures).