UK data protection law needs to provide greater clarity for individuals and businesses, says the Information Commissioner's Office (ICO).
In particular, the ICO wants clarity on the definition of personal data, the watchdog said in response to the government's public consultation on the European Union Data Protection Directive and the UK Data Protection Act (DPA).
The consultation, which closed on 6 October, called on businesses, public sector organisations and private citizens to give their opinions on how the laws can be improved at a national and regional level.
The government is also seeking feedback to determine if the definitions under the directive and the current act are still relevant.
The ICO highlighted several other improvements it would like to see in any revised framework.
These include greater clarity on when consent is required to use personal information and better coordination between freedom of information law and an appreciation that individual's rights need to be updated to bring them in line with the capabilities of modern technology.
The ICO would also like to see a more pragmatic approach to the regulation of international data flows.
"This is one of the aspects of the EU Directive that most needs to be amended to deal more realistically with current and future international data-flows. A future framework should focus much more on risk assessment by the exporting data controller and should be clearer about data controllers' responsibility, wherever they choose to process personal data," the submission said.
The allocation of responsibilities amongst those handling personal data also needs to reflect the changing nature of modern day business relationships, the ICO said.
"We need to ensure that people have real protection for their personal information, not just protection on paper and that we are not distracted by arguments over interpretations of the Data Protection Act," said David Smith, deputy Information Commissioner.