EU data proposals: Must try harder

Data privacy

European data protection proposals have been slammed by a select committee for being "too prescriptive".

A report by the Justice Select Committee said that the proposals for a common European data protection framework did not allow for flexibility or discretion for businesses or other organisations, which hold personal data, or for data protection authorities.

The committee said that the proposals should focus on those elements that are required to achieve the Commission's objectives, while compliance should be entrusted to Member States' data protection authorities.

The MPs were responding to a request from the European Scrutiny Committee for its opinion on both the draft Regulation and draft Directive. These plans would give EU citizens new data protection rights as set out in the Charter of Fundamental Rights of the European Union and the Lisbon Treaty.

While it criticised some parts of the scheme, it welcomed the potential benefits of an updated law. Individual rights would be increased and the new framework would protect against some of the more unwelcome and often-criticised aspects of digital data processing.

The committee gave an example of the draft regulation, which sets out the rights of individuals to access their personal data, to have it rectified or erased, to object to processing and not to be subject to profiling. From a business perspective, the committee said, the benefits would mainly accrue through the effective harmonisation of laws.

Sir Alan Beith, MP and chairman of the Justice committee said that the current data protection laws for general and commercial purposes need to be updated as they do not account for the digital world.

"However, we agree with the Information Commissioner's assessment that the system set out in the draft Regulation 'cannot work' and is 'a regime which no-one will pay for'. Therefore, we believe that the Commission needs to go back to the drawing board and devise a regime which is much less prescriptive," Beith said.

It will be 2014 before any changes are made to the law in the UK. Final regulation will take effect two years after being adopted.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.