Plans to update data protection laws in Europe are facing increasing criticism from members of the European Parliament, with one UK commentator calling the draft proposals "a completely demented set of regulations."
But Justice Commissioner Viviane Reding remains adamant that her proposals should become law and has even accused the UK Government of introducing additional complexities. In a letter to the Justice Secretary Chris Grayling Commissioner Reding is quoted as saying she was "surprised to learn that it would be the intention of the UK to introduce a new layer of complexity cost and risk of non-compliance."
The proposed Data Protection Regulation aims to tackle the ever-changing privacy challenges from our use of online technologies such as the Internet and social media. But businesses are worried that some parts of the proposals go too far. These include a requirement to report data breaches within 24 hours, the imposition of fines of up to 2% global turnover and a new right to be forgotten.
Lord Erroll, an independent cross-bench peer in the House of Lords who specialises in IT-related issues has also told E RADAR that the English legal system may find the current proposals 'too difficult to implement'.
Right to be forgotten
It's the proposed 'right to be forgotten' that has dubbed the regulations 'demented'.
The right was introduced originally to protect girls from posting pictures of themselves when drunk underage on Facebook.
Rather than educating teenagers that it's not a good idea (a) to drink underage; (b) photograph yourself when drunk underage; (c) post those photographs on social media websites, the Commission's proposals would allow teenagers to continue doing what they want. Instead, social media websites would be made responsible for their irresponsible actions, be required to remove any photographs, and make everyone else remove them too.
"How this can be done in the real world is anybody's guess", top Internet lawyer Jonathan Armstrong told E RADAR. "People are now waking up to the lunacy of some of these proposals," he said.
Requiring ISPs to police the Internet in this way is shortsighted policy-making. It's estimated that over 80% of the world's data was created in the last two years alone and ISPs would soon be out of business if they had to remove all content users had posted irresponsibly.
But, like it or not businesses need to accept that data protection reform is coming, whatever the details of the final regulation will be. So ensuring data security should remain a top priority for companies, especially across their supply chains.
— Will Roebuck (@ERADARtweet) May 30, 2013
In their latest transatlantic Tech Law podcast lawyers Jonathan Armstrong and Eric Sinrod from Duane Morris LLP discuss their views on the EU's Data Protection reforms.