Calls for 'modernised' EU Data Protection

EU Data Protection laws must be modernised, says former UK Information Commissioner.

Richard Thomas, the UK's former Information Commissioner called for the adoption of laws that can address the realities of the digital world of the 21st century.

"The pace of technological change is increasing both benefits and threats.  Powerful devices, instant communications, more effective search and analytical tools and ever-cheaper data storage capacity create seemingly endless opportunities to gather and interpret information about us, our activities and our preferences.  But European data protection laws have a poor reputation for being bureaucratic, uncertain and burdensome. The new approach must find the 'Holy Grail' of maximising effectiveness while minimising the burden."

Richard Thomas is a member of the Centre for Information Policy Leadership (CIPL).  CIPL has published two papers that respond to European Commission's consultation: A comprehensive approach to personal data protection.  Key points made by CIPL:

  • Reform must focus on implementation and practicalities. The Centre suggests criteria for a modernised, 21st century, regulatory framework, based on clear objectives, real risks and well-balanced outcomes.
  • The Centre has severe doubts about EU standard-form Privacy Information Notices, which will be so comprehensive - or so simple - as to be meaningless either way.
  • Efforts to simplify rights of access, rectification, erasure and blocking are welcomed, but the Centre is sceptical about a simple ‘right to be forgotten'.
  • Harmonisation - European and global - must be based on common principles and objectives, avoiding both highest and lowest common denominators.
  • In line with the commitment to reducing the administrative burden, notification requirements should be replaced with a very simple registration system to provide regulators with funding and channels of communication for enforcement and education.
  • Privacy Impact Assessments and Privacy by Design are welcome, but their use should be encouraged as business processes, not made mandatory.