Data law update 'could cause confusion' say MPs

News by Tom Espiner

The European Commission needs to go 'back to the drawing board' over proposals to amend European data law, according to a UK parliamentary committee.

The European Commission needs to go 'back to the drawing board' over proposals to amend European data law, according to a UK parliamentary committee.

The proposals risk dividing UK data laws in two, leading to confusion for organisations that must comply with those laws, the Commons Justice Committee said on Thursday.

The Commission has proposed the introduction of two legal instruments – a regulation and a directive, each of which would need to be transposed into UK law. The committee said that this approach risks causing confusion for organisations.

In addition, the proposals are rigid and do not give enough autonomy to data regulators in individual member states, the committee said.

"We believe that the Commission needs to go back to the drawing board and devise a regime which is much less prescriptive," said committee chairman Sir Alan Beith.

Data protection authorities should be free to handle factors associated with compliance, such as the level of fees or when the authority should be informed about a data protection impact assessment, said the committee.

The committee found some positives in the proposed legislation, saying that data protection needed to be harmonised across European member states.

The Commission rejected the committee's criticism about having two legal instruments. Justice spokeswoman Mina Andreeva told SC Magazine UK on Thursday that the legislation "strikes the right balance".

"The regulation, for the private sector, gives companies much needed legal certainty, and saves costs (up to €2.3 billion per year)," said Andreeva. "The directive gives law enforcement authorities the needed flexibility, as we are talking about internal security. The regulation does not need implementation, but will be directly applicable, and therefore it is hard to see where confusion could arise."

Data protection authority (DPA) powers will be harmonised by the legislation, and regulators will have discretion to set the level of fines, said Andreeva.

"The data protection reform gives all national data protection authorities the same tools so that they can enforce the rules properly in their country," said Andreeva. "Currently powers vary very much and some DPAs cannot even levy fines. Our reform will equip them with the necessary 'teeth', including the possibility to levy fines.

"Nevertheless DPAs will still have the necessary discretion in their choice of sanctions and regarding the level of fines - depending on the circumstances of each individual case. Therefore also on this point we believe that the proposal strikes a good balance."

The European Commission wants to reach political agreement on the incoming data rules by July 2013, Andreeva added.

"The UK recognises that companies and citizens will best benefit from uniform and strong data protection rules which apply equally throughout the entire EU," said Andreeva. "The Commission will continue working closely with the European Parliament and member states to meet the objective of the incoming Irish EU presidency of reaching political agreement of the reform by July 2013."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews