UK biz baffled by Reding's planned data protection law rewrite: ICO

A large number of British businesses are clueless about many of the main provisions detailed in the European Union's proposed data protection reforms, a new report from the Information Commissioner's Office has claimed.

Consultancy firm London Economics - which was commissioned to carry out the research (PDF) on behalf of the ICO - surveyed 506 companies in the UK and found that 87 per cent of them failed to estimate how much money the planned legislative overhaul might cost their biz.

Justice commissioner Viviane Reding tabled her draft data protection bill in January 2012. It is currently being scrutinised by the European Parliament. The British government has been scathing about many of the proposals laid out in the legislative rewrite, which could lead to a single law on information-handling with which every member state will need to comply.

National governments presently have a patchwork approach to EU data protection legislation based on the 18-year-old Data Protection Directive of 1995 and coordinated by many different watchdogs.

Reding wants to change that, but UK government ministers and Information Commissioner Christopher Graham have long argued that many of the provisions in the draft are overly prescriptive and unworkable on a national level.

Graham has previously described Reding's approach to data protection regulation as "anal".

The report found that 40 per cent of Brit companies are struggling to grapple with the 10 main provisions proposed in the draft bill.

It highlighted that a whopping 82 per cent of businesses surveyed in the report were unable to quantify how much they currently spend on data protection. Small firms were particularly baffled about the plans, while larger organisations with over 250 employees that process more than 100,000 records were better equipped to deal with data protection compliance.

"There has been much talk of ‘what is best for business’, but that must be based on valid evidence. This reform is too important for guesswork," said Graham, who was speaking at a conference in Berlin, Germany on Tuesday.

"[This] report is the latest contribution from the ICO to this debate. We’d urge the European Commission to take on board what it says, and to refocus on the importance of developing legislation that delivers real protections for consumers without damaging business or hobbling regulators."

The data watchdog's chief also urged British companies to continue to lobby the EU.

"Businesses and other stakeholders need to constructively engage with the debate about burdens and the importance of privacy rights, while the process can still be influenced," he said.

Reding's data protection regulation - if successfully passed by parliament - isn't expected to come into force until 2015 at the earliest.

In March, the commissioner's bill was savaged by at least nine member states after countries including Britain successfully argued that the proposed directive was too rigid and cumbersome for businesses operating within the 27 members' state bloc. ®