Feeds

Gah! EU data protection will STIFLE business, moans gov.UK

Yargh, I'm wrapped up in actual red tape here

The essential guide to IT transformation

Informed consent rules will hit credit-sniffers

However, one credit reference agency said financial services firms could be particularly affected by increased costs in defending against claims by individuals that they had not given their consent to processing.

"With the burden of proof now with the data controller it may be that every challenge by a consumer (or organisation acting on the consumer's behalf) will require, in the case of a credit reference agency search being challenged, a copy produced of the original consent obtained by our client at the time they carried out the search of our database," the credit reference agency said. "This may prove very costly, highly bureaucratic and time consuming for both us and our clients should organisations such as claim management companies target such activity."

The MoJ outlined its intention to seek an "overhaul" of the current drafting of new rules on individuals' so-called 'right to be forgotten'. It said it would seek changes "given the practicalities and costs and the potential for confusion about its scope for both organisations and individuals." However, it added that individuals should have the right for the personal data to be deleted "where this is appropriate". Some businesses have estimated that the cost of "changing their business processes" to comply with the right to be forgotten could be as much as £100,000.

Provisions contained in the draft Regulation enable individuals to force organisations to delete personal data stored about them "without delay". Organisations that have made the data public will be liable for the data published by third parties and will be required to "take all reasonable steps, including technical measures" to inform them to delete the information. However, organisations can oppose the deletion if they can show they have a right to publish the data under the principle of freedom of expression or if it is in the public interest for the data to remain in existence.

Other respondents questioned whether requiring businesses to build-in privacy by default into new service designs would bring more benefits than costs.

Data portability to affect trade secrets, property rights

Concern was also raised that planned new 'data portability' rules do not allow for organisations to protect their trade secrets and intellectual property rights. The Commission's plans provide consumers with a general right to switch electronically processed personal data from firm to its rival through a "commonly used" electronic format. Businesses said that the costs involved in changing systems to comply with data portability requirements could be as much as £5m and that those costs would likely have to be absorbed by consumers.

Plans for the detail for the operation of the proposed new data protection regime to be fleshed out in 'delegated acts' drawn up by the Commission were also criticised. Businesses had said that if the Commission dictated the "technological format and specifications" to be used, such as in relation to compliance with the data portability rules, it could leave companies "at a financial loss" where those firms had already developed and invested in alternative industry standards.

The MoJ said that a review of the "monetised costs" of compliance of current UK data protection laws had estimated that data controllers spend around £53m meeting the requirements of the laws and that an extra £1m is borne by the justice system enforcing the framework. The review had concluded, though, that the "true cost of compliance" was likely to be higher.

"The [review] also found non-monetised costs which included extra staff hired to ensure compliance with the [Data Protection Act (DPA)], costs for those who have received penalties, as well as impacts where the incorrect application of the DPA has stopped organisations sharing information," the MoJ said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.