The European Parliament may not be going about data protection legislation the right way, one expert believes.
If you’re anything like us, you will have been watching with interest the European Parliament’s progress on data protection regulation, which has been debated over and over again.
However, one expert says he thinks it might not end up being passed at all because its approach will not be able to suit all the member states.
Information Commissioner’s Office (ICO) deputy information commissioner David Smith said at Infosec 2013 that he appreciates the idea behind the changes is to harmonise rules on taking care of sensitive information across the European Union.
However, he pointed out that this risks an overly prescriptive approach and rules that countries cannot tailor to their individual cultures.
"The risk is when you produce one set of rules, they become very detailed and allow little scope for differentiation," Mr Smith commented, adding that it "could be counter-productive if it means lots of rules which don’t make sense in the UK".
Instead, the ICO wants to see a risk-based approach brought in so that the idea of businesses being individually responsible for data is not undone and ecommerce is not held back.
"We’re more bothered about addressing risks and outcomes, it’s not just about having the right paperwork in place … More consistency is needed, but not 200 rules," Mr Smith remarked.
The expert also expressed his opinion that it will be hard for a "right to be forgotten" to be implemented.
"Even the commission that drafted this didn’t intend for people to be able to expunge all online records about them, that’s just not realistic given the way information flows," he added.
The European Parliament will go on to discuss the proposed data protection regulations and a consolidated proposal should be released by the end of June.
It comes after the ICO published new guidance urging employers to know where their data is stored and to ensure that gadgets will be secure if they are lost or stolen.