"New European data privacy regulations? But they'd be bad for business", says "neutral" UK regulator.
In essence, the EC says that the collection and manipulation of the personal data of individual citizens of the EU, particularly in relation to the "race or ethnic origin, political opinions, religion or beliefs, trade-union membership, and the processing of genetic data or data concerning health or sex life or criminal convictions or related security measures" should not be allowed unless the individual concerned gives specific permission for such information to be used.
It seems straightforward enough: according to the EC, personal data, by virtue of the fact that it is private and personal, is also "sensitive" data. However, in Britain, the ICO, the body that is actually reponsible for the implementation of the ePrivacy Directive, begs to differ and is floating the idea that whether or not data is deemed to be "sensitive" should be determined by the reasons that organisations cite for wanting to process personal information in the first place. And that, of course, is to make money by manipulating private data.
The ICO's rationale is that it has "reservations" about the automatic default categorisation of personal data as "sensitive" and wants any new regulatory regime to require bodies wanting to process personal data to register the purpose or purposes why they want to manipulate the private data.
According to the ICO, "It is very difficult to to define political opinions, religion or beliefs" and, "We believe that the wording [as proposed by the EC] should be narrower so that the processing would only be caught if its purpose was to reveal or analyse a person’s ethnic origin, race and the like."
Thus the ICO wants what it calls "pseudonymised data" to be considered to be the same thing as "personal data" whilst simultaneously slackening regulatory requirements to such an extent that agencies and organisations would not be required to stick to all the changes being proposed in the EC's updating of the data protection environment. We're different dontcha know, and the rules don't apply to us.
In its report the ICO also expresses concern that the EC's proposed new data protection regulations might put "onerous" and "pointless" roadblocks in the way of agencies, businesses and organisations wanting to "process" the data pertaining to individual people.
In other words, thew UK is yet again at loggerheads with the rest of Europe and is claiming that what is good enough for 26 states isn't good enough for the troublesome 27th, Britain, a nation that always wants its European cake and to eat it too.
According to ICO man Christopher Graham, beefed-up data regulations (if you'll excuse the pun) would cause problems for UK businesses in general and SMEs in particular. Thus the EU directive is "too prescriptive in terms of its administrative detail" and, if applied, will cause British businesses to lose their competitive edge and focus and thus destroy the economic recovery, the green shoots of which we have now been waiting for for five years - and nary a vernal sign do we have.
The ICO contends that a new regime requiring agencies, businesses and organisations to obtain the express permission of individuals to allow the manipulation of their personal data might be "too strict".
Response to the ICO's attitude has been swift and very much to the point. For example, Anna Fielder of Privacy International says, "The UK data protection regulator seems to be rather out on a limb in comparison with his counterparts in Europe. The data protection proposal currently under debate is a development of existing legislation, not a radical revolution. It is necessary because the existing legal framework is being widely abused and is becoming less and less relevant with the advent of new technologies."
She adds, "This is particularly true in the UK, which has some of the weakest data protection laws in Europe. Industry wants the same law across Europe to make it easier for it to conduct business; to achieve this you need some degree of prescription. You can fine-tune some of the administration requirements, but do not throw the baby out with the bathwater... Perhaps the ICO would like to perpetuate the status quo in which people's personal information is abused without their knowledge or consent because boxes are pre-ticked and consent implied?"
It certainly would, in fact the ICO wants to do exactly that on its own sites, and does seem evident that, hand in glove with both UK and US lobbyists, the ICO is siding with big business and that the net result of this partiality may well result in a further erosion of individual freedoms and personal control over the collection, manipulation and dissemination of our own private data
And this as the horsemeat substitution scandal continues to spread and reverberate across the UK and Europe and we all begin to realise that it is not just donkey burgers and politicians that are rotten to the core.