Feeds

Reding's 'right to be forgotten' bill polarises Euro biz world

Rewriting data protection law in internet age

The smart choice: opportunity from uncertainty

EU Justice Commissioner Viviane Reding will imminently table a draft bill that will – if passed in Parliament – require internet firms to be upfront about the user data they hold.

The proposal has already been slammed by many businesses in the UK, where opposition to the draft regulation has been particularly fierce.

Reding's "right to be forgotten" on the internet plan forms part of a huge legislative overhaul of Europe's 1995 data protection law, which the commissioner has labelled as outdated.

EU observers, businesses and politicos agree with her that the current legislation is in desperate need of a rewrite, but Reding's draft proposal has drawn fire from many.

"The old adage of 'Be careful what you wish for' is apt in relation to the proposed rewrite of data protection laws. Companies have been struggling with unharmonised regulation across Europe for years, but the Commission's focus on the rights of the individual has resulted in some ideas that are widely seen as unworkable or which will lead to significant costs," said Jane Finlayson-Brown, a partner in Allen & Overy's data protection team.

She said the draft bill contains "several draconian new requirements" that could prove "impossible to enforce".

"The new 'right to be forgotten' is particularly contentious," Finlayson-Brown added.

"While attractive to users of social networks, it will apply generally and will require many organisations to re-engineer business processes and technologies.

"The question that many people will ask, given the economic climate and the associated costs of compliance, is whether this additional requirement is really worthwhile given that individuals' personal data are so widely and voluntarily made available on the net."

Law firm Osborne Clarke echoed that criticism. Its head of data privacy, James Mullock, said: “It’s rather odd that Commissioner Reding is claiming that the new rules will cut EU companies’ running costs.

"Leaked versions of what is expected to be announced... clearly show the EC’s train of thought is to increase the overall regulatory burden on business and require more time, personnel and cash to be thrown at compliance.”

He highlighted the amount of policing work that would be required by the likes of the Information Commissioner's Office in the UK, if the draft bill - as it currently stands - trickles its way into national law books within the 27-member states' bloc.

“Data privacy is an important individual freedom, and clearly it is important that the current law is updated. But it is fatuous to claim that complying with the rules will actually save companies money," Mullock added. "On the contrary, these measures are likely to cost EU businesses billions to implement and even more to maintain on an on-going basis.”

The Business Software Alliance also waded in with its own unsurprising attack on Reding's proposal.

“The Commission’s proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information," said the BSA's European government affairs director, Thomas Boué.

"The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal’s current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth," he added.

“Done well, a harmonised data-protection framework will create a more cohesive Single Market by eliminating unnecessary confusion among service providers and users.

"But there is a critical balance to be struck. The rules should protect people’s privacy rights while also ensuring they have access to the full complement of services the internet has to offer.”

But not everyone has reacted negatively to the proposed regulation.

Document management outfit Iron Mountain said the draft bill might help force internet businesses to take a long, hard look at their current security policies.

“Many businesses of all sizes are falling short of what is required to manage information responsibly,” said the company's head of information security Christian Toon.

“In today’s increasingly scrutinised business environment, the lack of a solid and legally compliant information management policy is inexcusable.

"Regardless of turnover, sector or country of operation, making sure that employee and customer information is protected should be common practice, not a reaction to new legislation," he added.

Facebook said: "We welcome Vice President Reding's view that good regulation should encourage job creation and economic growth rather than hindering it, and look forward to seeing how the EU Data Protection Directive develops in order to deliver these two goals while safeguarding the rights of internet users."

The Register will bring you full coverage of Reding's data protection announcement later today. Stay tuned... ®

Designing a Defense for Mobile Applications

More from The Register

next story
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.