Strict rules on data protection, proposed by the European Commission, will lead to far more fines than anyone has predicted, a top privacy lawyer said today.
The comments came just two days after European Commission vice president and EU Justice Commissioner Viviane Reding reiterated the need for bigger fines for serious breaches of the law.
The UK regulator, the Information Commissioner’s Office, has already shown a willingness to fine businesses for breaches and will be given more remit to do so once the additional powers come into force, said Stewart Room, partner in Field Fisher Waterhouse’s Privacy and Information Law Group.
The government expected around eight fines would be issued each year when it gave the ICO powers to hit companies with monetary penalties, Room said. Insted, there were 18 in 2013 and 25 in 2012. The ICO has “risen to the challenge” of becoming an independent regulator unafraid of waving its stick.
If the current version of the European data protection regulation is approved, the fining situation in the UK “will be much worse than what everyone is telling you now”, he added.
But this is simply part of a worldwide trend of increasingly using a blunt legal instrument to punish businesses that err, Room said. “It has crossed the Rubicon internationally… the private sector is more exposed than the public sector now.
“If Europe is a hammer, everything it sees is a nail.”
Room recommended those organisations worried about this tougher regulatory environment focus less on general compliance and more on securing private personal data, as that is where their reputation is maintained or destroyed.
“When it comes to looking at regulatory pain, financial penalties, business needs to rebalance the focus away from general compliance issues, towards the security and confidentiality arenas. Too much energy has been focused on the wider compliance agenda. If you’re going to be driven by sanctions and bad publicity, you should re-focus towards security and confidentiality.”
Reding said on Sunday that companies who had betrayed customers’ trust should be punished accordingly and current fining powers were not enough. She pointed to the Google Street View breach, in which it siphoned off data from citizens’ Wi-Fi networks and delivered contradictory information to global regulators.
The subsequent fines were just “pocket money” for Google. In Europe, the tech titan was slapped with a number of fines, including a €900,000 penalty in Spain.
“Is it surprising to anyone that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not?” Reding added.
“Europeans need to get serious. And that is why our reform introduces stiff sanctions.”
In late 2012, TechWeekEurope uncovered widespread lobbying from US firms attempting to water down the legislation, but the Commission said it was standing firm.
Care about privacy? Try our quiz!
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…