Last week the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) made public its report on the proposed Data Protection Regulation, expressing full support for a coherent and robust data protection framework with strong and enforceable rights for individuals.
The report was welcomed by Viviane Reding, the EU’s Justice Commissioner, as supporting the Commission’s aim “to strengthen Europe’s data protection rules” and the “fundamental right for all Europeans… to feel in full control of their data”.
The report may have been welcomed by the Justice Commissioner, but it’s likely to be far from welcome with most data practitioners. As Eduardo Ustaran of Field Fisher Waterhouse writes in his blog, “if anyone thought that the European Commission’s draft Data Protection Regulation was prescriptive and ambitious, then prepare yourselves for the European Parliament’s approach…what was already a very complex piece of draft legislation has become by far the strictest, most wide ranging and potentially most difficult to navigate data protection law ever to be proposed”.
Response from UK Government has been muted; the Ministry of Justice’s (MoJ’s) report states that the Report is “over prescriptive” and that “in its present form it will (not) produce a proportionate, practicable, affordable or effective system of data protection in the EU”. Specific criticisms of the proposed strengthened legislation are few and far between, however. The MoJ supports a “right of deletion” but queries the practicality of some elements of the proposed right to be forgotten regulation, and concern is expressed as to the likely burden placed on businesses and the ICO.
The MoJ report does recommend that businesses should only be encouraged to hire DPOs where they feel it “necessary” in order to comply with data protection law. Given the complexity and severity of this proposed Regulation, I’d guess it will be “necessary” for pretty much all organisations.
Note: Those in financial services, which may be affected heavily by this regulation, may wish to attend our Financial Services Breakfast Briefing on the 21st February 2013. The event is being held at the offices of leading law firm Osborne Clarke in London where topics will include the latest revisions and their implications. Find out more here.