We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Information Commissioner warns on risk of 'tick box' approach to privacy compliance

The EU does not fully address the globalised nature of personal data transfer, the ICO says

Although the Information Commisioner's Office (ICO) has welcomed some of the changes to the EU data protection laws, it has warned that some of the proposals may be too prescriptive.

The new EU data protection laws revealed by the European Commission yesterday proposed changes to the data protection laws that included requiring all companies larger than SME size to appoint a data protection officer.

"The [Information] Commissioner believes that in a number of areas the proposal is unnecessarily and unhelpfully over-prescriptive. This poses challenges for its practical application and risks developing a 'tick box' approach to data protection compliance," the ICO said in a statement.

The proposals that the ICO welcomed included the introduction of the individual's right to move their data from one provider to another, and the mandatory requirement for organisations to notify authorities and affected citizens of a data breach.

It is not surprising that the ICO also welcomed the EC's proposals for a strengthening of the powers of data protection authorities.

However, the ICO said that the EC failed to fully recognise the reality of international transfer of personal data. It believed that "further thought" was required on extending the scope of data protection obligations to any processing that is directed at people in the EU, as it did not provide a clear indication of how the regulations would be enforced outside Europe.

The ICO is also concerned about the EC's separate proposal for a new directive regarding the processing of personal data by law enforcement authorities.

"He [the Information Commissioner] is concerned that in an area where the processing of personal data can have a particularly adverse impact on individuals, the Commission's proposals are much less ambitious," the ICO said.

"He believes that a high level of data protection that, as with the current UK data protection act, is equally applicable across all sectors is required and hopes that these provisions will be strengthened as negotiations progress."

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model