The opportunity for UK firms to submit responses to the Ministry of Justice regarding proposed changes to the the European Commission's (EC) Data Protection Directive closes on Tuesday, with many firms likely concerned by the first draft of the legislation.
Unveiled in January, the proposed new laws featured several notable changes, including fines of as much as of two per cent of turnover for data breaches, mandatory breach disclosure notification systems and the requirement for full-time data protection officer (DPOs) in firms with 250 employees or more.
At that time the Information Commissioner's Office (ICO) voiced concern with the proposals put forward by the EC, claiming they were "unnecessarily and unhelpfully over prescriptive" and failed to properly recognise the reality of international transfers of personal data in today's globalised world.
Data protection lawyers have said many firms are likely to have echoed these concerns in submissions to the MoJ, with Kathryn Wynn, senior associate at technology law firm Pinsent Masons arguing that several aspects of the law remain unclear.
"There is particular concern about how companies can practically deal with the logistics of security breaches affecting customer data in very strict, 24 hour time frames - with fines of up to two per cent of global turnover meaning that penalties are extremely large."
"While the law has provided clarifications in some areas (such as which data will constitute personal data) a lot of uncertainties remain, particularly as we don't yet know what approach the regulators will take, as this will be controlled centrally, rather than via country regulators such as the ICO in the UK."
She added that many companies will be hoping the first round of consultation leads to more clarity around the proposed laws.
Field Fisher Waterhouse partner Stewart Room told V3 that whether firms had taken the opportunity to submit responses remained to be seen, but he said the ICO's stance on the matter underlined the issue that exist with the first round of proposed legislation.
"The Information Commissioner's consultation response confirms the fears of the critics that the regulation is an exercise in bureaucracy over pragmatism," he said.
"Comparing the EC approach to the line that's being taken right now in the US on data protection, it seems to be clear that the European economy will be further handicapped on the world stage. That's good for no-one in Europe."
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches