The proposed data protection framework for Europe will restrict and burden businesses and threaten innovation, says employer's organisation, the Confederation of British Industry (CBI).
The framework will threaten many innovative business models which rely on data-sharing to generate revenue, the CBI said in is submission to the Ministry of Justice (MoJ).
The MoJ had called for submissions on the European Commission’s draft data protection framework for UK representatives – such as justice minister Tom McNally – to take to negotiations in Brussels on the final version.
Compliance will also place a cost burden on businesses which could deter investment and be passed on to consumers, the UK business group said.
The CBI is calling on the European Commission (EC) to revise its proposals, in favour of a proportionate, risk-based approach to the scope of data protection regulation that balances the benefits with the costs of changes and their impact on innovative business models.
“We’re concerned that the EC’s proposed data protection reforms will put European businesses at a competitive disadvantage in a global market, by placing restrictive controls and high cost burdens on innovation and investment," said Matthew Fell, CBI director for competitive markets.
Many novel business models rely on data-sharing to generate revenue and offer a more individually tailored user experience, he said, such as advertising and subscription-based online music-sharing services, where there has been ground-breaking innovation through partnerships with social networking sites.
“Sharing information about music likes and dislikes online, without sharing the actual content, means millions more customers can now legally enjoy listening to music online – a lifeline for the flagging music industry," said Fell.
But it is innovative businesses like these that will be threatened by restrictive controls on data-sharing proposed by the EC, he said. The cost of compliance will burden all industries, deter investment, and ultimately be passed on to consumers.
“Since innovation is a key driver of economic growth, it’s vital that governments here and in Europe support cutting-edge businesses to continue to innovate, before they get left behind by the rest of the world," said Fell.
Firms from across the commercial spectrum will be affected by the proposed changes, the CBI said, as better quality data increasingly drives improvements to business operations and services.
According to the CBI, the EC must balance the data protection rights of individuals with the needs of customers and businesses to ensure businesses can stay competitive and support growth.
The CBI believes that the EC has overestimated the financial benefits to businesses of the proposed data protection regulation and overlooked compliance costs, including:
- Changing IT systems, re-training staff and re-issuing customer terms and conditions. Equipping a call centre to handle issues arising from the changes alone could cost around £100,000;
- The requirement to appoint a Data Protection Officer for two years at a cost of between £30,000 and £75,000 per year; and
- Expanding the role of the Information Commissioner’s Office in the UK to process additional data protection work could place a further cost-burden on taxpayers.
The EC risks undermining its aim of delivering cost-savings to businesses and must focus on how costs can be reduced, so they are not passed on to businesses and consumers.
The UK's Information Commissioner's Office (ICO) has also expressed concerns over the impact of the proposed data protection regulation on business.
Although there is a lot that is welcome in the proposed framework, some aspects are less welcome. There are areas of doubt and some things need more work, deputy information commissioner David Smith told a recent Westminster eForum in London.
"We want to know what the ICO will look like under the new framework; we want to know what the real cost will be to business and if that cost will be justified," Smith said.