Ex-ICO: Draft EU privacy rules will turn every citizen 'into a liar'

Current commish: Data protection reforms must target crooks, not biz


Britain's Information Commissioner wants the force of the European Data Protection Directive to fall on rogues, not on businesses which already face mountains of paperwork. That's the message that Chris Graham will be taking to Europe when he goes there to hash out a compromise on the new European Data Protection Directive sometime before July.

Speaking at an event on Data Protection Day, Christopher Graham said that the EU's draft Data Protection Directive needed to focus on the risks that came from data management rogues, rather than chasing overburdened businesses to complete more paperwork.

"We want it defined in terms of outcomes rather than regulatory process," said Graham.

It's not going to work if we try and specify everything in the document. It should focus more on the risks and abuses and less on the average business.

Graham's predecessor in the job, Richard Thomas, was more blunt. Also speaking at the Data Protection Day event, he said that that the EU directive "should be taken back to the drawing board".

He said the EU needed to put "far less burden on the individuals" and commented that the directive would make liars of everyone:

With the current directive we are trying to turn every EU citizen into a continent of liars. We're asking people to tick boxes saying 'I have read everything' and they won't have.

The comments from the Information Commissioners - past and present - were in line with the UK ICO's latest published position on the new EU directive, published 22 January:

The current proposal is too prescriptive in terms of its administrative detail and the processes organisations will have to undertake to demonstrate accountability. This could be a particular problem for SMEs.

The preliminary response from the ICO also states that the EU's proposed "right to be forgotten" data protection reforms could lead citizens to expect a degree of protection that cannot be delivered in practice. The ICO warns that the EU must be realistic about the limited power EU data protection authorities may have over non- EU data controllers.

Underlining that point was a scathing attack on the reforms by a US diplomat at a Berlin conference last week.

John Rodgers, economic Officer in the US Foreign Service, warned taht the introduction of planned changes to EU data protection laws could herald a trans-Atlantic "trade war".

The European data protection authorities hope to produce a working document by July 2013. The first stakeholders' meeting is in May. ®

Similar topics


Other stories you might like

  • California's attempt to protect kids online could end adults' internet anonymity
    Websites may be forced to verify ages of visitors unless changes made

    California lawmakers met in Sacramento today to discuss, among other things, proposed legislation to protect children online. The bill, AB2273, known as The California Age-Appropriate Design Code Act, would require websites to verify the ages of visitors.

    Critics of the legislation contend this requirement threatens the privacy of adults and the ability to use the internet anonymously, in California and likely elsewhere, because of the role the Golden State's tech companies play on the internet.

    "First, the bill pretextually claims to protect children, but it will change the Internet for everyone," said Eric Goldman, Santa Clara University School of Law professor, in a blog post. "In order to determine who is a child, websites and apps will have to authenticate the age of ALL consumers before they can use the service. No one wants this."

    Continue reading
  • UK watchdogs ask how they can better regulate algorithms
    We have bad news: you probably can't... but good luck anyway

    UK watchdogs under the banner of the Digital Regulation Cooperation Forum (DRCF) have called for views on the benefits and risks of how sites and apps use algorithms.

    While "algorithm" can be defined as a strict set of rules to be followed by a computer in calculations, the term has become a boogeyman as lawmakers grapple with the revelation that they are involved in every digital service we use today.

    Whether that's which video to watch next on YouTube, which film you might enjoy on Netflix, who turns up in your Twitter feed, search autosuggestions, and what you might like to buy on Amazon – the algorithm governs them all and much more.

    Continue reading
  • UK criminal defense lawyer hadn't patched when ransomware hit
    Brit solicitor fined after admitting it took 5 months to install critical update

    Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

    The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018*.

    The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

    Continue reading

Biting the hand that feeds IT © 1998–2022