Feeds

Gah! EU data protection will STIFLE business, moans gov.UK

Yargh, I'm wrapped up in actual red tape here

High performance access to file storage

Informed consent rules will hit credit-sniffers

However, one credit reference agency said financial services firms could be particularly affected by increased costs in defending against claims by individuals that they had not given their consent to processing.

"With the burden of proof now with the data controller it may be that every challenge by a consumer (or organisation acting on the consumer's behalf) will require, in the case of a credit reference agency search being challenged, a copy produced of the original consent obtained by our client at the time they carried out the search of our database," the credit reference agency said. "This may prove very costly, highly bureaucratic and time consuming for both us and our clients should organisations such as claim management companies target such activity."

The MoJ outlined its intention to seek an "overhaul" of the current drafting of new rules on individuals' so-called 'right to be forgotten'. It said it would seek changes "given the practicalities and costs and the potential for confusion about its scope for both organisations and individuals." However, it added that individuals should have the right for the personal data to be deleted "where this is appropriate". Some businesses have estimated that the cost of "changing their business processes" to comply with the right to be forgotten could be as much as £100,000.

Provisions contained in the draft Regulation enable individuals to force organisations to delete personal data stored about them "without delay". Organisations that have made the data public will be liable for the data published by third parties and will be required to "take all reasonable steps, including technical measures" to inform them to delete the information. However, organisations can oppose the deletion if they can show they have a right to publish the data under the principle of freedom of expression or if it is in the public interest for the data to remain in existence.

Other respondents questioned whether requiring businesses to build-in privacy by default into new service designs would bring more benefits than costs.

Data portability to affect trade secrets, property rights

Concern was also raised that planned new 'data portability' rules do not allow for organisations to protect their trade secrets and intellectual property rights. The Commission's plans provide consumers with a general right to switch electronically processed personal data from firm to its rival through a "commonly used" electronic format. Businesses said that the costs involved in changing systems to comply with data portability requirements could be as much as £5m and that those costs would likely have to be absorbed by consumers.

Plans for the detail for the operation of the proposed new data protection regime to be fleshed out in 'delegated acts' drawn up by the Commission were also criticised. Businesses had said that if the Commission dictated the "technological format and specifications" to be used, such as in relation to compliance with the data portability rules, it could leave companies "at a financial loss" where those firms had already developed and invested in alternative industry standards.

The MoJ said that a review of the "monetised costs" of compliance of current UK data protection laws had estimated that data controllers spend around £53m meeting the requirements of the laws and that an extra £1m is borne by the justice system enforcing the framework. The review had concluded, though, that the "true cost of compliance" was likely to be higher.

"The [review] also found non-monetised costs which included extra staff hired to ensure compliance with the [Data Protection Act (DPA)], costs for those who have received penalties, as well as impacts where the incorrect application of the DPA has stopped organisations sharing information," the MoJ said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.