In-depth

How the Data Protection Act's death will punish the UK economy

If the UK hands over data protection duties to the EU, it will scare off future foreign investment, says Tom Brewster.

7 Dec 2011

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 7 Dec 2011

COMMENT The Data Protection Act is on death's door. When it goes, it won't just radically alter how information is processed and protected in the UK, it will have serious, pejorative consequences for our economy too.

That was what IT Pro heard this week from two leading data protection lawyers lawyers who have seen drafts of what the European Commission is planning. In the coming months, they believe the EC will not propose a directive for nations to use as guidance, but will devise European-wide regulation for all member states to adhere to.

Despite the Commission's best intentions, however, the laws look set to bring more red tape to constrain companies working in Europe, the same red tape the Coalition has promised to cut. A host of requirements will be placed on businesses, which will likely deter many from investing in the UK. It will bring over-regulation of the most pernicious order.

The laws look set to bring more red tape to constrain companies working in Europe, the same red tape the Coalition has promised to cut.

This week, the EU again outlined its aggressive stance. Viviane Reding, vice-president of the European Commission, told delegates at a GSMA Europe conference that under her proposals there would be a strong focus on privacy by design.

"Businesses will have to pay utmost attention to security of information and privacy by design. These features should be well-integrated in the design of cloud computing products and services," Reding said. "The real winners will be those companies and service providers no matter where they are from that understand the competitive advantage of having built-in privacy features.

"When a data breach happens, a company will have to inform the national supervisory authority immediately and the individual whose data has been compromised or stolen."

That latter statement confirmed what appeared in a Financial Times report late last week, which hinted companies would have just 24 hours to confess to a breach. That same report suggested the EC was hoping to gain powers to fine businesses up to five per cent of their revenue for data snafus.

Furthermore, the Commission wants companies with 250 or more employees to have a data protection officer in place. SMEs will not be pleased.

So, businesses in the EU will be forced to employ more personnel, be threatened with massive fines and have to spend more money on development to ensure privacy-as-default in everything they do.