Feeds

Reding's 'right to be forgotten' bill polarises Euro biz world

Rewriting data protection law in internet age

High performance access to file storage

EU Justice Commissioner Viviane Reding will imminently table a draft bill that will – if passed in Parliament – require internet firms to be upfront about the user data they hold.

The proposal has already been slammed by many businesses in the UK, where opposition to the draft regulation has been particularly fierce.

Reding's "right to be forgotten" on the internet plan forms part of a huge legislative overhaul of Europe's 1995 data protection law, which the commissioner has labelled as outdated.

EU observers, businesses and politicos agree with her that the current legislation is in desperate need of a rewrite, but Reding's draft proposal has drawn fire from many.

"The old adage of 'Be careful what you wish for' is apt in relation to the proposed rewrite of data protection laws. Companies have been struggling with unharmonised regulation across Europe for years, but the Commission's focus on the rights of the individual has resulted in some ideas that are widely seen as unworkable or which will lead to significant costs," said Jane Finlayson-Brown, a partner in Allen & Overy's data protection team.

She said the draft bill contains "several draconian new requirements" that could prove "impossible to enforce".

"The new 'right to be forgotten' is particularly contentious," Finlayson-Brown added.

"While attractive to users of social networks, it will apply generally and will require many organisations to re-engineer business processes and technologies.

"The question that many people will ask, given the economic climate and the associated costs of compliance, is whether this additional requirement is really worthwhile given that individuals' personal data are so widely and voluntarily made available on the net."

Law firm Osborne Clarke echoed that criticism. Its head of data privacy, James Mullock, said: “It’s rather odd that Commissioner Reding is claiming that the new rules will cut EU companies’ running costs.

"Leaked versions of what is expected to be announced... clearly show the EC’s train of thought is to increase the overall regulatory burden on business and require more time, personnel and cash to be thrown at compliance.”

He highlighted the amount of policing work that would be required by the likes of the Information Commissioner's Office in the UK, if the draft bill - as it currently stands - trickles its way into national law books within the 27-member states' bloc.

“Data privacy is an important individual freedom, and clearly it is important that the current law is updated. But it is fatuous to claim that complying with the rules will actually save companies money," Mullock added. "On the contrary, these measures are likely to cost EU businesses billions to implement and even more to maintain on an on-going basis.”

The Business Software Alliance also waded in with its own unsurprising attack on Reding's proposal.

“The Commission’s proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information," said the BSA's European government affairs director, Thomas Boué.

"The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal’s current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth," he added.

“Done well, a harmonised data-protection framework will create a more cohesive Single Market by eliminating unnecessary confusion among service providers and users.

"But there is a critical balance to be struck. The rules should protect people’s privacy rights while also ensuring they have access to the full complement of services the internet has to offer.”

But not everyone has reacted negatively to the proposed regulation.

Document management outfit Iron Mountain said the draft bill might help force internet businesses to take a long, hard look at their current security policies.

“Many businesses of all sizes are falling short of what is required to manage information responsibly,” said the company's head of information security Christian Toon.

“In today’s increasingly scrutinised business environment, the lack of a solid and legally compliant information management policy is inexcusable.

"Regardless of turnover, sector or country of operation, making sure that employee and customer information is protected should be common practice, not a reaction to new legislation," he added.

Facebook said: "We welcome Vice President Reding's view that good regulation should encourage job creation and economic growth rather than hindering it, and look forward to seeing how the EU Data Protection Directive develops in order to deliver these two goals while safeguarding the rights of internet users."

The Register will bring you full coverage of Reding's data protection announcement later today. Stay tuned... ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.