Social networks, privacy-by-design, right to oblivion and accountability were the main topics debated in the course of “Privacy Generations”, the 32nd International Conference on Data Protection and Privacy Commissioners.
The newest of these topics is the concept of accountability, the introduction to which is the result of more than two years of work by a group of experts of which I am part and which is documented and published in The Centre for Information Policy Leadership.
Accountability will play an important role in modifications (currently in progress) of the European Directive on e-privacy.
What is accountability? It could be defined as responsibility and at the same time proof of responsibility.
The concept was originally devised in order to facilitate the international flow of personal data, but it may have a broader application and may be a more general reference model in personal data processing.
Sources of accountability may be legislative, administrative or contractual. The data controller must be able to demonstrate that he has adopted a comprehensive procedure of personal data protection consisting of legal measures, organizational procedures and technical solutions and has also acted through the creation of specific organizational models, similar to those used in the application of d.lgs 231/2001.