ICO blasts sluggish speed of EU data law reforms

Information Commissioner calls for sensible laws when it comes to personal data


Progress towards updating European data protection laws is moving at a "snail's pace", according to the Information Commissioner's Office (ICO).

The EU's current data protection measures are decades out-of-date, while lawmakers risk falling further behind with each new technological innovation around data, the watchdog warned yesterday.

In a speech at Liverpool John Moores University, Information Commissioner Christopher Graham pointed out that bodies like the ICO are forced to protect people's data armed with ancient legislation like the 1995 Data Protection Directive.

"Today that 20-year-old Directive is scarcely fit for purpose as the technology and the uses of data have raced further ahead of anything the law makers envisaged," he said.

"The institutions of the European Union are moving, but at a snail's pace, to reform the data protection regime with a new regulation which would apply uniformly across the single market."

That EU Data Regulation will replace the 1995 directive, aiming to give citizens more control over who uses their personal data, a right to be forgotten, and will also require companies to get people's explicit consent to use their data.

The regulation was due to be adopted into law this year, but EU countries keep hitting sticking points.

One objection raised was by the British Government last month, which called the explicit consent requirement "unjustified".

Graham said that while the regulation is debated, citizens' data is becoming increasingly at risk the more people use the internet.

"Whatever we do online, we are leaving a trail of personal data which can be analysed, linked, mashed, and crunched. And our privacy is more and more compromised," he said.

The commissioner said it was vital that citizens can trust those who wish to use their information.

He pointed to the example of the NHS's controversial care.data scheme, under which patient data will be shared between GP surgeries and hospitals, as a beneficial move undermined by a lack of trust.

The project was postponed after the public was inadequately consulted, and the director of patient information at the NHS, Tim Kelsey, said yesterday that the initiative was starting anew this year.

Graham said the project "depends crucially on citizen confidence which, following last year's botched communications exercise, is in short supply."

However, he said a balance could be achieved with "proportionate, risk-based enforcement".

"The laws have to be practical and realistic and not tie data protection authorities like mine up in knots attempting to enforce over-spec'd procedural obligations when the emphasis should be on promotion of good practice for data controllers and consumers," he added.

"Sensible laws and sensible citizens can protect privacy and still enable good things to happen online."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now


ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
What is the Information Commissioner’s Office (ICO)?
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Apr 2020

Most Popular

How to find RAM speed, size and type

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020