Modernise EU data protection laws, says former UK Information Commissioner

Former UK Information Commissioner Richard Thomas has called for a modernised European framework for data protection

Former UK Information Commissioner Richard Thomas has called for a modernised European framework for data protection.

Thomas, now a strategy adviser at legal services firm Hunton & Williams, was responding to a European Commission consultation on a comprehensive approach to personal data protection.

He was speaking as firm's privacy think tank, the Centre for Information Policy Leadership (CIPL), published two papers on the EC's consultation.

Thomas criticised the current framework, saying that with the fast pace of technological change, European data protection laws have a poor reputation and are bureaucratic, uncertain and burdensome.

He called for a new approach that should try to maximise effectiveness while minimising burden.

Thomas said the EU directive was no longer fit for purpose and he was delighted that the review process was underway.

"But there is still a long way to go to draft balanced laws that will work in practice when so much personal information can flow so easily around cyberspace with no regard to national boundaries," he said.

The CIPL's papers identify introducing an accountability principle and a new framework of binding global codes for international data transfers as two priorities of the new EU law.

Other recommendations made in the CIPL's papers include:

  • Reform must focus on implementation and practicalities
  • EU standard-form privacy information notices must not be so comprehensive or so simple as to be meaningless
  • Efforts to simplify rights of access, rectification, erasure and blocking are welcomed
  • Harmonisation must be based on common principles and objectives, avoiding both highest and lowest common denominators
  • Notification requirements should be replaced with a very simple registration system to provide regulators with funding and channels of communication for enforcement and education

Read more on IT risk management