Friday 11 January 2013

Ministry of Justice declares war on the Regulation

Before everyone gets too focused on the LIBE Committee’s recent 215 page report, there is some good news to end the week on. An equally hard hitting report has just been published, which may well have far more of an impact on the future direction of European data protection legislation.

This is the Government’s latest position on the proposals – which is contained in the snappily titled “Government response to Justice Select Committee’s opinion on the European Union Data Protection framework.”

Mercifully, this document is only 19 pages long.

It's full of passages like this:

 “In terms of the level of protection provided by the [policing] Directive, as opposed to the draft Regulation, there is no contradiction between providing a more flexible instrument and the delivery of fundamental rights.”


“The Government’s position that the proposed Regulation should be re-cast as a Directive would allow for harmonisation in the areas where it is advantageous and flexibility for Member States where it is required. The European Commission’s Impact Assessment acknowledges that harmonisation could be achieved through the use of a Directive.

For example there could be harmonisation of: the fundamental principles found within the proposals; the rights that data subjects enjoy; and the rules relating to independent supervisory authorities and the European Data Protection Board. The Government also supports the principle of the consistency mechanism. We believe that the data protection framework should protect the civil liberties of individuals. This means putting rules in place that ensure that the processing of personal data is fair, secure, and that data should be retained for no longer than is necessary. 

EU data protection legislation must secure individuals’ privacy without placing constraints on businesses practices that harm innovation and growth. For example, the proposed Regulation places prescriptive obligations upon data controllers as to how they will comply with the proposed Regulation, such as completing data protection impact assessments and hiring data protection officers. This is a ‘one size fits all’ approach which does not allow data controllers (from small online retailers to multinational Internet companies) to adopt their own practices in order to ensure compliance with the legislation. The European Commission’s proposal should focus on regulating outcomes, not processes.”

And it just goes on and on:

"The Government wants to see EU data protection legislation which protects the civil liberties of the individual whilst allowing for proper public protection and economic growth and innovation. These should be achieved in tandem, not at the expense of one or the other."

Also, in terms of its impact on the ICO:

“The Government agrees with the ICO’s assertion that the system set out in the draft Regulation ‘cannot work’ and is ‘a regime which no-one will pay for’.”

This really is the sort of pragmatic, common-sense stuff that we Brits love so much.

As Shakespeare might well have cried:

“Three cheers for the Ministry of Justice, England, and St George!”