This post was also written by Nick Tyler.
The UK Minister responsible for government policy on data protection has raised concerns about any proposed “radical rewrite” of the EU Data Protection Directive.
Kenneth Clarke, Lord Chancellor and Secretary of State for Justice, called for both flexibility and a common-sense solution to modernising data protection law. He recognised that “technology has moved on” and that future EU regulation of data protection must address the “broader landscape” without getting caught up in “endless” debate “over the details”.
The flagging at this stage of some fundamental UK opposition to a number of specific reforms does not bode well for a happy consensus emerging from the EU-wide negotiations to follow the hotly anticipated publication of the EU Commission proposals:
What are seen as ‘Bad Ideas’?
- A new “right to be forgotten” – Worried about its impact on both business and the public, Mr Clarke made it plain that he wants the “right to be forgotten” to be forgotten!
- Revision of the Data Retention Directive – Mr Clarke staunchly defended the ability of law enforcement authorities across the world to collect, retain and pool data to improve security, in spite of concerns from privacy regulators and advocates.
- EU extra-territoriality – While acknowledging the aspirational “idea that European standards [of data protection] should apply to any firm processing EU citizens’ data anywhere in the world”, Mr Clarke was withering in his assessment that, on purely legal grounds, the European Commission must be “wrong”:
“I see little sign that the Commission has thought about this sufficiently yet. And how on earth are you going to enforce EU [data] protection on a global basis?”
Any ‘Good’ Ideas?
The Accountability Principle and Binding Corporate Rules –referring to the UK’s consultation on revision of the EU Data Protection Directive, Mr Clarke backed a more business-friendly solution:
“. . . [W]e should consider moving from a system which restricts information based on national standards of data protection, to a system based on the standard of data protection of the particular company involved – far more relevant to modern methods of business.”
Raising the Stakes for the Future of EU Data Protection?
The UK Government position appears against a move toward harmonization. In Mr Clarke’s view sticking to a set of shared principles and values, which at present has been implemented and is enforced in 27 different ways, would allow each country to be true to its own “constitutional and cultural identities”:
“. . . let’s learn to understand each other’s legal systems better, not rewrite our respective statutes and codes from scratch.”
This is a challenging prospect for global businesses trying to understand and comply with local law variations across Europe. They can only hope that the future EU data protection regime delivers some significant improvements to work with, and avoids the imposition of bad ideas in the form of arbitrary, additional and onerous obligations.