Proposed EU data rules a 'tax' on business say critics

USB stick and CD Some firms are concerned that they would have to confirm data loss within 24 hours of being hacked.

Related Stories

Businesses have expressed concern about proposed EU data protection rules which include a "right to be forgotten".

The European Commission has said it would set out details of the planned changes later today.

It has already said that individuals would be able to ask for data about themselves to be deleted unless it was being kept for a "legitimate" purpose.

The boss of one tech-focused organisation described the proposals as a "tax" on firms holding customer data.

Elements of the new regulation and directive were unveiled by the Justice Commissioner, Viviane Reding, at the Digital Life Design conference in Munich on Sunday.

She said: "It is... important to empower EU citizens, particularly teenagers, to be in control of their own identity online.

"If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system."

The rules also involve a requirement that companies "swiftly" notify individuals if any of their personal data is lost, stolen or hacked. The commissioner said that this should normally happen within 24 hours.

Companies would also have to appoint a data protection officer - an obligation already imposed on many German firms.

The commissioner said that by simplifying the current "patchwork" of rules and cutting red tape, businesses could expect to save a total of 2.3bn euros ($3bn, £1.9bn) per year.

However, it is expected that firms that fail to comply with the rules could be fined.

Cost worries

One lawyer told the BBC that the benefits would be outweighed by the new burdens placed on businesses.

"The one bit of a good news is that they result in harmonisation across Europe which is better than the existing situation with 27 different national laws, but the content of some these proposals is very onerous," said Marc Dautlich, head of information law at Pinsent Masons.

"These are all going to involve costs and resource. And in a difficult economic climate."

Adam Malik, organiser of the Digital London conference, said that he accepted that customers had a moral right to ask for data deletion, but the new rules - as he understood them - could place some enterprises in jeopardy.

"This is just an additional tax on all businesses which hold electronic customer records," he said.

"Also we need clarity on what is personalised data. Lots of lawyers will be happy about this directive for years to come - meanwhile innovation is discouraged."

Security company FireEye also expressed concern about the suggested data loss demands.

"Reporting within 24 hours of discovery is admirable but if the company wasn't aware of the breach for 24 days then where do all involved stand?" asked its director of European operations, Paul Davis.

But others were more positive about the proposals.

"Businesses can either see it as a glass half empty or a glass half full," said Alan Mitchell, strategy director of Ctrl-Shift, a technology consultancy whose clients include the UK government.

"This legislation will enable UK and EU business to lead this growing market and develop new technologies and businesses."

The rules need to be approved by the EU's member states and ratified by the European Parliament before they can come into effect.

That could take two or more years, during which time they may be amended or rejected outright.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • RihannaCloud caution

    After celebrity leaks, what can you do to safeguard your photos?


  • Cesc FabregasFair price?

    Have some football clubs overpaid for their new players?


  • Woman and hairdryerBlow back

    Would banning high-power appliances actually save energy?


  • Rack of lambFavourite feast

    Is the UK unusually fond of lamb and potatoes?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.