UK businesses worried about future DP administrative burdens

The summary of responses to the Ministry of Justice’s call for evidence on the European Commission's proposed data protection legislation reveals that a large number of respondents thought that the proposed Regulation would represent an administrative burden. The Ministry of Justice is also of the view that the EU Commission has under-estimated the cost of the proposals, for example, the idea of introducing compulsory data protection officers. The Ministry of Justice will try to quantify the costs and benefits of the Commission’s proposals in the near future.

Many respondents were concerned about proposals such as the mandatory appointment of data protection officers and reporting data breaches within 24 hours, which they saw as costly and overly-bureaucratic.

Social media companies, credit reference agencies and e-commerce businesses in particular argued that the proposed Regulation will have a negative impact on the core functions of their business. Several thought that a prescriptive Regulation will hinder the development of cloud computing.

Most respondents thought that the Right to be Forgotten would encourage individuals to have unrealistic expectations of data controllers, and the vast majority of respondents considered strongly that there is a need for clarity on the definition of personal data.

The Call for Evidence closed on 6 March 2012 and attracted 143 written responses from the public, private and third sectors, consumer groups and members of the public. 66 % of responses came from the private sector, with the finance sector, IT, telecoms and ICT forming the biggest group of respondents (39).

The summary of responses, published on 28 June 2012. 

Privacy Laws & Business's 25th Annual International Conference next week includes on 4 July a full day on the EU DP draft Regulation with presentations by the UK’s chief negotiator, John Bowman; Giovanni Buttarelli, The European Data Protection Assistant Supervisor; Laura Corrado, Deputy Head of Unit, Data Protection Unit, DG Justice, European Commission; the President of France's CNIL; the head of Poland's Data Protection Authority; the United Kingdom Information Commissioner's Director of Data Protection; and a lawyer from Copenhagen speaking, on behalf of Denmark's EU Presidency, on what has been achieved during its 6 month EU Presidency. Few places remain.