How the Data Protection Act's death will punish the UK economy

If the UK hands over data protection duties to the EU, it will scare off future foreign investment, says Tom Brewster.

By Tom Brewster, 7 Dec 2011 at 17:55

COMMENT The Data Protection Act is on death's door. When it goes, it won't just radically alter how information is processed and protected in the UK, it will have serious, pejorative consequences for our economy too.

That was what IT Pro heard this week from two leading data protection lawyers – lawyers who have seen drafts of what the European Commission is planning. In the coming months, they believe the EC will not propose a directive for nations to use as guidance, but will devise European-wide regulation for all member states to adhere to.

Despite the Commission's best intentions, however, the laws look set to bring more red tape to constrain companies working in Europe, the same red tape the Coalition has promised to cut. A host of requirements will be placed on businesses, which will likely deter many from investing in the UK. It will bring over-regulation of the most pernicious order.

The laws look set to bring more red tape to constrain companies working in Europe, the same red tape the Coalition has promised to cut.

This week, the EU again outlined its aggressive stance. Viviane Reding, vice-president of the European Commission, told delegates at a GSMA Europe conference that under her proposals there would be a strong focus on privacy by design.

"Businesses will have to pay utmost attention to security of information and privacy by design. These features should be well-integrated in the design of cloud computing products and services," Reding said. "The real winners will be those companies and service providers – no matter where they are from – that understand the competitive advantage of having built-in privacy features.

"When a data breach happens, a company will have to inform the national supervisory authority immediately and the individual whose data has been compromised or stolen."

That latter statement confirmed what appeared in a Financial Times report late last week, which hinted companies would have just 24 hours to confess to a breach. That same report suggested the EC was hoping to gain powers to fine businesses up to five per cent of their revenue for data snafus.

Furthermore, the Commission wants companies with 250 or more employees to have a data protection officer in place. SMEs will not be pleased.

So, businesses in the EU will be forced to employ more personnel, be threatened with massive fines and have to spend more money on development to ensure privacy-as-default in everything they do.

1 2

Email to a friend

Print this page

< Previous Security : Analysis & Insight Next >

2 comments

You need to Login or Register to comment.

Buried nuggets

There may be some validity to this argument but its hard to find as they are buried under emotional invectives, distortions and worn out and discarded cliches. The meat of the argument seems to rely on the potentiality of 'if' and 'may be'. It sounds more like a complainer's pub closing time call to arms than a thoughtful reasoned argument.
Coming from engineering background a few facts, figures, and examples would carry more weight.
But thanks for raising awareness of the issue, I'll look into it for myself.

By Ip5_a20f7c4425b on Friday Dec 9

FALSE ALARM

Businesses have a duty to keep confidential data secure.
If they collect it {by cookie collection and tracking and data mining} this could impinge with security and ID Theft, as well as unwarranted intrusion into privacy.

Any data breach can severely damage any company, be it personnel, trade figures, or trade secrets. It pays a company to have an officer who is security conscious and has dual roles.

The basic error is UK method of Law. A person in UK has to Opt IN to opt OUT of targeted advertising. That is a denial of rights for a person wishes to be anonymous and does not want cookies in the first case.

In this page I note the ICO has hit London Council with £70,000 data breach fine. The fine is equally shared to the council taxpayers, who's very data was lost.
I also make note that the ICO is suggesting fines will not be issues if company's have made some progress but still not manage to comply with the cookie deadline (Postponed for 12 months a year ago!!!).

In my opinion the ICO is not fit for purpose. They are supposed to be stalwarts of Digital Law, yet cast a blind eye to such a degree that they may be perverting the course of justice.

By Lenmontieth on Saturday May 19