Technology and data storage developments have left the data protection regulatory model outdated.
In a recent SC Magazine webcast, the question was asked whether data protection was keeping up with the evolution of technology. An answer given by former information commissioner Richard Thomas was a simple ‘no'.
Thomas, who served as information commissioner between 2002 and 2009 and now works on several government bodies and is a consultant at law firm Hunton & Williams, said that when he started there was not internet access at the office and this changed in the time he was there.
“There were so many developments, we saw Google come on the scene and we saw Facebook and huge changes in technology and the cost has come down and the capacity to store data has enlarged massively, so there are dramatic changes in technology and in business models that go with that,” he said.
“The law has not kept pace. I made myself a bit of a reputation during the last three or four years of my time as information commissioner saying that the 1994 European directive that governs European law at the moment and which underlies the UK's 1998 act was not fit for purpose and it was a mainframe directive that didn't accommodate the modern world at all.”
Thomas also said that he had likened it to the way things were done in Germany in the 1960s and 1970s, and that it needed to be reviewed. “Even though the laws are supposed to be technology neutral, I am not sure that they are, or have kept pace,” he said.
Commenting, Jonathan Armstrong, partner at law firm Duane Morris, said that it was a ‘yes and no' to the answer from him, as it has kept pace with general principles that have kept up with changes in legislation but some aspects are looking tired.
He picked out that the concept of processor and controller had changed, especially with cloud and outsourcing, and with the new changes in the draft, he said "it will tire more easily".