Feeds

Reding's 'right to be forgotten' bill polarises Euro biz world

Rewriting data protection law in internet age

The essential guide to IT transformation

EU Justice Commissioner Viviane Reding will imminently table a draft bill that will – if passed in Parliament – require internet firms to be upfront about the user data they hold.

The proposal has already been slammed by many businesses in the UK, where opposition to the draft regulation has been particularly fierce.

Reding's "right to be forgotten" on the internet plan forms part of a huge legislative overhaul of Europe's 1995 data protection law, which the commissioner has labelled as outdated.

EU observers, businesses and politicos agree with her that the current legislation is in desperate need of a rewrite, but Reding's draft proposal has drawn fire from many.

"The old adage of 'Be careful what you wish for' is apt in relation to the proposed rewrite of data protection laws. Companies have been struggling with unharmonised regulation across Europe for years, but the Commission's focus on the rights of the individual has resulted in some ideas that are widely seen as unworkable or which will lead to significant costs," said Jane Finlayson-Brown, a partner in Allen & Overy's data protection team.

She said the draft bill contains "several draconian new requirements" that could prove "impossible to enforce".

"The new 'right to be forgotten' is particularly contentious," Finlayson-Brown added.

"While attractive to users of social networks, it will apply generally and will require many organisations to re-engineer business processes and technologies.

"The question that many people will ask, given the economic climate and the associated costs of compliance, is whether this additional requirement is really worthwhile given that individuals' personal data are so widely and voluntarily made available on the net."

Law firm Osborne Clarke echoed that criticism. Its head of data privacy, James Mullock, said: “It’s rather odd that Commissioner Reding is claiming that the new rules will cut EU companies’ running costs.

"Leaked versions of what is expected to be announced... clearly show the EC’s train of thought is to increase the overall regulatory burden on business and require more time, personnel and cash to be thrown at compliance.”

He highlighted the amount of policing work that would be required by the likes of the Information Commissioner's Office in the UK, if the draft bill - as it currently stands - trickles its way into national law books within the 27-member states' bloc.

“Data privacy is an important individual freedom, and clearly it is important that the current law is updated. But it is fatuous to claim that complying with the rules will actually save companies money," Mullock added. "On the contrary, these measures are likely to cost EU businesses billions to implement and even more to maintain on an on-going basis.”

The Business Software Alliance also waded in with its own unsurprising attack on Reding's proposal.

“The Commission’s proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information," said the BSA's European government affairs director, Thomas Boué.

"The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal’s current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth," he added.

“Done well, a harmonised data-protection framework will create a more cohesive Single Market by eliminating unnecessary confusion among service providers and users.

"But there is a critical balance to be struck. The rules should protect people’s privacy rights while also ensuring they have access to the full complement of services the internet has to offer.”

But not everyone has reacted negatively to the proposed regulation.

Document management outfit Iron Mountain said the draft bill might help force internet businesses to take a long, hard look at their current security policies.

“Many businesses of all sizes are falling short of what is required to manage information responsibly,” said the company's head of information security Christian Toon.

“In today’s increasingly scrutinised business environment, the lack of a solid and legally compliant information management policy is inexcusable.

"Regardless of turnover, sector or country of operation, making sure that employee and customer information is protected should be common practice, not a reaction to new legislation," he added.

Facebook said: "We welcome Vice President Reding's view that good regulation should encourage job creation and economic growth rather than hindering it, and look forward to seeing how the EU Data Protection Directive develops in order to deliver these two goals while safeguarding the rights of internet users."

The Register will bring you full coverage of Reding's data protection announcement later today. Stay tuned... ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.