UK Battles Brussels To Kill Data Privacy Regulation

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Lord McNally wants lightweight privacy rules instead of the EU’s proposed tough Regulation

The UK government is hard at work in Brussels, hoping to have a controversial data privacy regulation laid down by the European Commission scrapped, TechWeekEurope understands.

The government’s position was outlined earlier this year, when it said, in response to a Justice Select Committee inquiry, it wanted the Regulation to be recast as a Directive. The latter would give member states more flexibility in how to update their own laws, the Ministry of Justice has argued.

Data privacy punch-up

Justice, legal, Europe © Lisa S. Shutterstock 2012Numerous governments and corporations, both inside and outside the UK, are lobbying hard to make amendments to a directive and a regulation outlined by the EU. The US government and various American corporations, including giants like Amazon and Facebook, and British telecoms giant BT have been particularly active.

But none have so far expressed a desire for the regulation to be rethought so thoroughly. The UK government wants two directives – one covering general data protection and the other dealing with data processing within police and judicial co-operation in criminal matters.

Various qualms with the privacy plans have been expressed. Many are upset about the stringent ideas on the table, including fines of up to two percent of a company’s annual turnover for serious breaches of the law, and the “right to be forgotten”, which Facebook believes will be too onerous for it and other businesses in having to delete all traces of customer data on demand.

The UK government, led by justice minister Lord McNally, is now speaking with MEPs in Brussels hoping for a compromise, and a removal of any regulation. “I think a directive is more easily and effectively implemented according to the needs and realities of individual states,” justice minister Lord McNally told TechWeekEurope.

He said he was taking businesses’ concerns on the “over-prescriptive” draft laws into its discussions with the European Commission.

Another reason for the government’s ire over the proposals is money. The UK government and the European Commission have vastly different opinions on the economic impact of the plans.

At what cost?

In its assessment, the European Commission said there would be a net benefit of €2.3 billion per year for the European economy, largely from administrative savings. “We do not agree,” McNally said. “That figure does not cover all the costs.”

The regulation and directive could cost the UK as much as £360 million per annum, the government claimed in November last year. The UK’s data privacy watchdog, the Information Commissioner’s Office (ICO), will have to find another £42.8 million.

McNally claimed the changes would pose a serious threat to UK SMEs too. “Above all, we are keen for any new proposals do not place onerous burdens on small and medium-sized enterprises,” he added.

“They are the backbone of the economy, in this country and across the EU… we must seek to minimise and new restrictive requirements on small firms.

“Incredibly, the Commission claims their proposals will actually help small businesses by simplifying the law.

“I’m all for simplification, but this isn’t it. SMEs on the whole tend to operate within countries and won’t see the benefits of cross-border simplification.”

Opponents of the current draft legislation appear to be gaining supporters amongst European officials. The European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO) recently voted in favour of relaxing the laws, and there was evidence MEPs were copying businesses’ suggestions into their recommendation documents.

David Smith, deputy commissioner of the ICO, which also has problems with how prescriptive the legislation is, said “discussions were going in the right direction”.

An agreement is expected before the end of the year, which could mean official European law will be enshrined in the middle of next year.

The European Commission had not responded to a request for comment at the time of publication.

Are you a pedant on privacy? Try our quiz!