The UK’s Justice Committee has listed a plethora of issues it has with the European Commission’s data protection framework proposals, and told it to “go back to the drawing board”.
The EC drew up two pieces of legal documentation in January: a data protection directive and a regulation. Both contained different rules organisations across member states would have to follow.
Yet many parts of the proposals have been lambasted. Many see the EC’s ideas as “over-prescriptive”. In particular, opponents have complained of the potential for excessive fines, a stipulation to make companies with more than 250 employees appoint a data protection officer, and the need to implement “privacy by design”.
The committee has now taken up the main issues in its new report, which is itself a response to a request from the European Scrutiny Committee for its opinion on the proposals.
According to the Justice Committee, the very fact that there are two separate pieces of legislation is an issue, that “will lead to a division of the UK law, set out in the Data Protection Act”. Such a “twin-track approach” could breed “inconsistencies in application”, the body argued, saying it needed clarity on whether the directive would even apply to law enforcement agencies in the UK.
The committee also warned about the “right to be forgotten”, as it could create unrealistic expectations amongst citizens. Many believe the right would be technologically infeasible: given the way data is disseminated and stored, it would be impossible to completely delete it. Others have noted how the right to be forgotten might infringe on people’s “right to remember”.
Punishment is also a contentious issue. The EC has recommended that punishments for the most severe data breaches should hit two percent of the guilty organisation’s annual turnover. But the committee said nations’ data protection authorities should “have more discretion” over the penalties they can dish out.
“The current data protection laws for general and commercial purposes need to be updated, as they do not account for the digital world. However, we agree with the Information Commissioner’s assessment that the system set out in the draft Regulation ‘cannot work’ and is ‘a regime which no-one will pay for’,” said Sir Alan Beith MP, chairman of the Justice Committee.
“Therefore, we believe that the Commission needs to go back to the drawing board and devise a regime which is much less prescriptive.”
Are you a security expert? Find out with our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…