The European Union’s Article 29 Working Party adopted a detailed recommendation on accountability which was submitted to the European Commission on July 13, 2010. Opinion 3/2010 elaborates on the Working Party’s 2009 recommendation to include a new principle on accountability in the revised EU Data Protection Directive. The Opinion’s executive summary states:
“EU data protection principles and obligations are often insufficiently reflected in concrete internal measures and practices. Unless data protection becomes part of the shared values and practices of an organization, and responsibilities for it are expressly assigned, effective compliance will be at considerable risk, and data mishaps are likely to continue.
…this Opinion puts forward a concrete proposal for a principle on accountability which would require data controllers to put in place appropriate and effective measures to ensure that principles and obligations set out in the Directive are complied with, and to demonstrate so to supervisory authorities upon request.”
The Opinion discusses many of the issues that have been raised as part of international discussions on accountability, including the balance between legal certainty and scalability (what many would call flexibility). It also acknowledges that accountability could replace or diminish existing requirements such as prior notification.
For the past two years the Centre for Information Policy Leadership at Hunton & Williams LLP has been acting as the secretariat for an international accountability project. That work is acknowledged in the paper.