- V3 Apps
UK businesses would like to see a unified cross-Europe approach to data protection rules, according to a panel advising the government on reforms to the UK's national data protection regulation.
This stance taken by UK firms is at odds with the government's current position of opposing new, tighter regulation from the EU.
The advisory panel held its first meeting at the end of last week at the Ministry of Justice. The meeting was chaired by justice minister for Courts and Victims Helen Grant, and was attended by more than 30 organisations, including a number of large multinational corporations, spanning industries such as retail, finance, manufacturing and the internet.
A number of advocacy groups also attended, as did academics and ICO officials.
Open Rights Group chief executive Jim Killock attended the meeting and told V3 he was surprised by the level of agreement reached.
"There was surprising consensus that a unified European data protection law would be good for everyone: business, small businesses and citizens, by making it easier for people to know their duties and rights wherever they are," he explained.
"The group felt this should reduce the burden on business overall."
The European Commission revealed its first draft of a revised Data Protection Directive in January aimed at overhauling Europe's outdated data protection policies.
One of the major elements of the proposal is changing data protection laws from a directive to a regulation. This would mean laws will be the same in each of the 27 member states across the European Union (EU) in an effort to make it easier for firms to operate across the region under the same legal framework.
Components of the proposed regulation include a requirement for firms to notify the relevant data protection authorities of any serious data breaches within 24 hours and that firms with over 250 employees handling personal data must appoint a data protection officer.
The draft proposals also require businesses to respect users' right to be forgotten, giving people the power to force any firm to delete data stored on their systems.
The UK Parliament Justice Committee recently voiced concerns over the draft regulation, arguing the proposed framework by the EC is too drastic, rigid and onerous for businesses.
Killock said this government position was undermined by the meeting discussions.
"Despite the government's desire to limit the changes to data protection, the advisory group seemed to be prepared for change, and without a doubt wanted greater legal consistency," said Killock.
However Killock said the meeting did spark disagreement on the big data protection issues, like whether people have a right to be forgotten, and on how data portability should work.
Update [4 December 3pm GMT]: At a European Data Protection and Privacy Conference in Brussels, justice commissioner Viviane Reding continued her campaign for the unified European data protection regulation.
Reding promoted the idea of a European-wide data policy to firms that conduct business across borders, promising a single law would make their lives easier and cheaper. She also said she was prepared to amend the data regulation so that it does not impose an additional burden on European businesses.
"I have listened to MEPs, to Member States, to stakeholders and to businesses," said Reding.
"They want us to cut red tape even more and to keep costs low. And we will do so. We will look at the proposal and consider ways in which red tape can be cut without affecting the level of protection of personal data."