Mark Rogers takes a look at the latest developments in the European Commission’s drive to harmonise data protection legislation across the EU with a new Data Protection Directive.
This time last year I discussed the European Commission’s proposals for revisions to its Data Protection Directive. In what EU diplomats have dubbed the “Hot Phase”, politicians, officials and business lobbyists are entering what proponents of the revisions hope will be the last stages of negotiations before going to the vote later this year.
If you read last year’s blog you will have observed that perceived wisdom at the time suggested the legislation would probably be introduced mid way through 2014. However a recent EU Memo calls for “swift adoption of the proposed legislation.”
What the memo does not mention is that MEPs voted against mandatory fines of up to 2% of global turnover for companies found to be in breach of the privacy regulations – a warning was felt to be a sufficient first step.
The ongoing negotiations will involve nearly 1,000 proposed amendments from MEPs; proof, if it were needed, that, as I suggested last year, the directive would present many challenges for businesses, and, by extension, many challenges from business.
One of the proposals which, on the face it, appears to be worthy is the ‘right to be forgotten’, which demands that businesses remove individuals’ data from their systems if consent to store it is withdrawn - and to also take reasonable steps to ensure it is removed by any third parties with whom it was shared.
Germany, Sweden, Belgium and the UK are among nine member states, along with a strong representation of US lobbyists, that are objecting to several measures they feel will restrict opportunities for data-related businesses. In our predictions blog for 2013 we cited big data and analysis of big data as offering businesses competitive advantage by enabling them to target and tailor services (and advertising) to consumers.
Speaking at an event on global Data Protection Day at the end of January, the current UK Information Commissioner, Christopher Graham, said that a "tightened directive would place a burden on the struggling average business, rather than those truly taking advantage of personal data"
So EU Justice Minister Vivien Reding may say, “we are not here to create a toy for the lawyers of multi-nationals”, but I don’t believe for a minute that this legislation will not end up being a highly lucrative play thing for technology and EU lawyers; not just those representing multi-nationals - particularly if it curtails businesses’ ability to provide more streamlined and relevant services in the pursuit of competitive advantage.
Finally, in trying to predict the outcomes, and more importantly how they will respond strategically to Data Protection revisions, CXOs must also consider the EU’s proposed cyber security strategy and supporting directive, which I will be discussing in the coming weeks.