ICO not convinced by EU data privacy tightening proposals

Proposals to rewrite EU data protection law will increase users' control of their data and cut costs for businesses, EU justice commissioner Viviane Reding has said.

 

The Commission is claiming the new law would mean increased responsibility and accountability for those processing personal data.

 

It also stipulates that companies and organisations are obliged to notify their national supervisory authority of serious data breaches as soon as possible - within 24 hours where feasible.

 

The proposed changes to 17-year-old data protection rules would bring in fines for those breaching EU data protection rules of up to €1m, or a maximum 2% of their global annual turnover.

 

Reding said a rewrite was important given that when law was first passed 17 years ago, just 1% of Europeans used the ‘Net: "The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data."

 

But despite welcoming the proposals overall, the Information Commissioner's Office (ICO) said the proposals were unnecessarily and unhelpfully over-prescriptive in some places.

 

"This poses challenges for its practical application and risks developing a 'tick box' approach to data protection compliance. The proposal also fails to properly recognise the reality of international transfers of personal data in today's globalised world and misses the opportunity to adjust the European regulatory approach accordingly," it said in its initial official response to Brussels' ideas.