Back in November 2012, we reported on the UK’s Justice Committee’s opinion on the European Commission’s proposals to reform the data protection legal framework. It was pretty clear from the opinion that the Justice Committee had significant reservations about the proposed regulation. Now the UK Government (through the Ministry of Justice) has issued its response to the Justice Committee’s opinion.
The response picks up on the conclusions set out by the Committee’s reports and provides the UK Government’s view. Overwhelmingly, the Government shares the concerns of the Committee. For instance, the Government argues that the proposed Regulation should be re-cast as a Directive which would provide greater flexibility for Member States where necessary. While supporting the aspiration of harmonisation and new principles in the draft Regulation such as the consistency mechanism, the Government states that data protection law should ‘secure individuals’ privacy without placing constraints on businesses practices that harm innovation and growth’.
The Government also has serious concerns about the potential economic consequences of the proposed Regulation and urges that a full assessment of the impact of the draft Regulation be carried out due to the additional administrative and compliance measures introduced. In that vein, the Government agrees with the Information Commissioner’s assessment that the system set out in the draft Regulation won’t work. The Government actively encourages interested parties to use the Government’s Impact Assessment to analyse the impact of the Regulation themselves and provide any feedback to the Ministry of Justice.
Elsewhere the Government shares the Committee’s concerns around the right to be forgotten and the need for data protection authorities to have discretion when issuing sanctions, but disagrees with the Committee about charging a fee for subject access rights, arguing that organisations should continue to be able to charge a small fee.
Overall, the Government emphasises the need for a risk based data protection legislative model that moves away from the over-prescription in the Regulation and delivers a more proportionate and balanced approach. It stresses that the data protection framework should focus on regulating outcomes, not processes.
This response suggests that the UK Government is gearing up to take a tough negotiating stance on the proposed changes to the data protection legal framework. However, in view of the recent publication from the European Parliament’s rapporteur Jan Philipp Albrecht whose proposed changes to the draft Data Protection Regulation are ‘stricter, thicker and tougher’, negotiating changes to the proposed framework in line with the UK Government’s preferred position is likely to be hard work.