European businesses will be forced to appoint a data privacy officer under new data protection laws.
Eduardo Ustaran, head of the privacy and information law group at legal firm Field Fisher Waterhouse, said: “Whatever you do in terms of collecting personal data, you've got to do as little as possible in terms of what you can do with that information. This goes against the way the internet operates. We will see compulsory risk assessments of new activity, operation and process to determine if it will it collect too much data. We will also see compulsory data protection officers for every business.”
His colleague Stewart Room, partner at Field Fisher Waterhouse, said this will be compulsory for SMEs and he likened the position to that of 'Blakey' from 1970s sitcom On The Buses.
Room said: “His role was to make sure all highway regulations were enforced on the bus and he was the epitomy of crazy trade unionism; he represented the jobsworthyness of the 1970s and Europe is imposing that archaic process on businesses.
“Businesses are not required to have a health and safety officer but they appoint one, or are not required to have a disability discrimination officer but they can employ one, but in privacy we are going back to the 1970s idea of how businesses should be regulated with a man inside.”
On 'impossible to comply with' regulations such as those relating to cookies, Room added: “Remember the old adage of the CISO being the guy who says 'no' – that is what this guy will be.
“This is conservativism and regulation, and innovation will be stifled by this regime. Think about what Google Street View offers – if this were in place we wouldn't have it at all. There should be regulators, there should be powers but this is too much the other way, we shouldn't be sticking the regulator in the office as they will stifle growth, innovation and business activity.”
Ustaran said Field Fisher Waterhouse's work with companies in Germany has revealed the data protection offer to be the "most conservative person we come across", and the aim is to try to make data protection more practical.