Feeds

Reding's 'right to be forgotten' bill polarises Euro biz world

Rewriting data protection law in internet age

New hybrid storage solutions

EU Justice Commissioner Viviane Reding will imminently table a draft bill that will – if passed in Parliament – require internet firms to be upfront about the user data they hold.

The proposal has already been slammed by many businesses in the UK, where opposition to the draft regulation has been particularly fierce.

Reding's "right to be forgotten" on the internet plan forms part of a huge legislative overhaul of Europe's 1995 data protection law, which the commissioner has labelled as outdated.

EU observers, businesses and politicos agree with her that the current legislation is in desperate need of a rewrite, but Reding's draft proposal has drawn fire from many.

"The old adage of 'Be careful what you wish for' is apt in relation to the proposed rewrite of data protection laws. Companies have been struggling with unharmonised regulation across Europe for years, but the Commission's focus on the rights of the individual has resulted in some ideas that are widely seen as unworkable or which will lead to significant costs," said Jane Finlayson-Brown, a partner in Allen & Overy's data protection team.

She said the draft bill contains "several draconian new requirements" that could prove "impossible to enforce".

"The new 'right to be forgotten' is particularly contentious," Finlayson-Brown added.

"While attractive to users of social networks, it will apply generally and will require many organisations to re-engineer business processes and technologies.

"The question that many people will ask, given the economic climate and the associated costs of compliance, is whether this additional requirement is really worthwhile given that individuals' personal data are so widely and voluntarily made available on the net."

Law firm Osborne Clarke echoed that criticism. Its head of data privacy, James Mullock, said: “It’s rather odd that Commissioner Reding is claiming that the new rules will cut EU companies’ running costs.

"Leaked versions of what is expected to be announced... clearly show the EC’s train of thought is to increase the overall regulatory burden on business and require more time, personnel and cash to be thrown at compliance.”

He highlighted the amount of policing work that would be required by the likes of the Information Commissioner's Office in the UK, if the draft bill - as it currently stands - trickles its way into national law books within the 27-member states' bloc.

“Data privacy is an important individual freedom, and clearly it is important that the current law is updated. But it is fatuous to claim that complying with the rules will actually save companies money," Mullock added. "On the contrary, these measures are likely to cost EU businesses billions to implement and even more to maintain on an on-going basis.”

The Business Software Alliance also waded in with its own unsurprising attack on Reding's proposal.

“The Commission’s proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information," said the BSA's European government affairs director, Thomas Boué.

"The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal’s current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth," he added.

“Done well, a harmonised data-protection framework will create a more cohesive Single Market by eliminating unnecessary confusion among service providers and users.

"But there is a critical balance to be struck. The rules should protect people’s privacy rights while also ensuring they have access to the full complement of services the internet has to offer.”

But not everyone has reacted negatively to the proposed regulation.

Document management outfit Iron Mountain said the draft bill might help force internet businesses to take a long, hard look at their current security policies.

“Many businesses of all sizes are falling short of what is required to manage information responsibly,” said the company's head of information security Christian Toon.

“In today’s increasingly scrutinised business environment, the lack of a solid and legally compliant information management policy is inexcusable.

"Regardless of turnover, sector or country of operation, making sure that employee and customer information is protected should be common practice, not a reaction to new legislation," he added.

Facebook said: "We welcome Vice President Reding's view that good regulation should encourage job creation and economic growth rather than hindering it, and look forward to seeing how the EU Data Protection Directive develops in order to deliver these two goals while safeguarding the rights of internet users."

The Register will bring you full coverage of Reding's data protection announcement later today. Stay tuned... ®

Security for virtualized datacentres

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.