We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Information Commissioner warns on risk of 'tick box' approach to privacy compliance

The EU does not fully address the globalised nature of personal data transfer, the ICO says

Although the Information Commisioner's Office (ICO) has welcomed some of the changes to the EU data protection laws, it has warned that some of the proposals may be too prescriptive.

The new EU data protection laws revealed by the European Commission yesterday proposed changes to the data protection laws that included requiring all companies larger than SME size to appoint a data protection officer.

"The [Information] Commissioner believes that in a number of areas the proposal is unnecessarily and unhelpfully over-prescriptive. This poses challenges for its practical application and risks developing a 'tick box' approach to data protection compliance," the ICO said in a statement.

The proposals that the ICO welcomed included the introduction of the individual's right to move their data from one provider to another, and the mandatory requirement for organisations to notify authorities and affected citizens of a data breach.

It is not surprising that the ICO also welcomed the EC's proposals for a strengthening of the powers of data protection authorities.

However, the ICO said that the EC failed to fully recognise the reality of international transfer of personal data. It believed that "further thought" was required on extending the scope of data protection obligations to any processing that is directed at people in the EU, as it did not provide a clear indication of how the regulations would be enforced outside Europe.

The ICO is also concerned about the EC's separate proposal for a new directive regarding the processing of personal data by law enforcement authorities.

"He [the Information Commissioner] is concerned that in an area where the processing of personal data can have a particularly adverse impact on individuals, the Commission's proposals are much less ambitious," the ICO said.

"He believes that a high level of data protection that, as with the current UK data protection act, is equally applicable across all sectors is required and hopes that these provisions will be strengthened as negotiations progress."


IDG UK Sites

The 30 best TV shows on Netflix UK: Our pick of the best programmes you can watch right now

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

VFX Emmy: Game of Thrones work garners gong for Rodeo FX

IDG UK Sites

Apple 13-inch MacBook Pro with Retina review (2.6GHz, 128GB, mid-2014)