Feeds

Data Protection Directive revamp: UK looking sidelined?

Economic protectionism could mean more than privacy

Choosing a cloud hosting partner with confidence

Opinion The EU Justice Commissioner Viviane Reding, Vice-President of the European Commission, and the German Federal Minister for Consumer Protection, Ilse Aigner, have come forward with a joint statement claiming that proposals to reform the 1995 Data Protection Directive will be published by the end of January 2012.

It is clear that their promise “to achieve a robust data protection framework for Europe's internal market that can successfully address the challenges of today's digital world” is at odds with the UK view that there is little to change.

The joint statement says the following:

Data protection is highly relevant for consumers and businesses regardless of borders. It therefore needs to be addressed at the European level, through high, common European standards with global appeal. The Lisbon Treaty provides Europe with a unique opportunity to modernise and strengthen data protection rules now. We both believe that as a result of this reform process, consumers in Europe should see their data strongly protected, regardless of the EU country they live in and regardless of the country in which companies, which process their personal data, are established

The relatively weak data protection regime “enjoyed” by UK citizens following Durant appears to coming to an end.

We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a 'cloud' [my emphasis].

This will not appeal to USA companies selling services into Europe. I expect the USA to argue that the European Union is practising economic protectionism justified in terms of a bogus privacy requirement. Facebook is also on notice to reform its privacy practices.

In modernising the EU's data protection rules, we believe that consumers must be more empowered than they are today. Users should be in control of their data. This is why in our view, EU law should require that consumers give their explicit consent before their data are used. And consumers generally should have the right to delete their data at any time, especially the data they post on the internet themselves [my emphasis].

Quick memo to marketing department. Please note that “explicit consent” is not an “opt-out” – lots of love, data protection officer! Also the right to delete is almost as impracticable as a right to forget (see references); it is not the way to deal with this issue.

We will work closely together to make sure that the modernisation of the EU’s data protection rules addresses these issues and that the EU’s data privacy principles are turned into a reality for consumers and businesses everywhere in Europe.

Note that the above commentary is limited to business personal data and does not include anything about extension of a new data protection directive to law enforcement. Reading the runes, I think this means that new data protection regime could well become split into two: one component relating to upgrading Directive 95/46/EC without the law enforcement and another component dealing with just the law enforcement elements.

This in turn increases the prospect of a regulation just to upgrade Directive 95/46/EC, as the contentious law enforcement extension has been separated off for detailed discussion in a further initiative.

Also politically, I sense that the UK is in a weak position as euro-zone ministers are getting fed up with the barracking comments from UK finance ministers to “get your house in order”. I am beginning to wonder whether the Euro-sceptic tone from the UK means that any UK view on European data protection standards will be quietly sidelined.

Indeed, one way that Sarkozy, Murkel et al “can get pay-back” from the UK is to impose Euro-standards of data protection, by regulation, on the UK. After all, it won't cost them a penny but they know it would sure upset the Brits.

References

UK government's position on data protection.

Commission’s view of what is wrong with the UK’s implementation of the Data Protection Act (PDF).

Reding and Aigner's statement is here.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.