Ahead of formal consultation on the review of the European Data Protection Directive, outgoing Information Commissioner Richard Thomas set out his own personal views on how to achieve a better data protection environment at a conference of European Privacy and Data Commissioners last month.
Thomas called for a focus on regulatory outcomes and the reduction of the risk of adverse effects on individuals and society. He argued for clear standards, accountability, transparency and the need for greater clarity around the role of the IC. Together with improved enforcement and modernised export rules, his comments accompanied the findings of a report commissioned by the ICO from RAND Europe into the Directive.
RAND identified key strengths around the comprehensive nature of its framework, technology neutrality and flexibility, harmonisation of rules across the European Union, and high standards which have been used as a reference by other countries.
General weaknesses found were an outdated technology model, outdated regulatory methods and view of data protection as an issue for experts, rather than individuals. Specific weaknesses were the burden of notification, prior authorisation for data exports, rigid controls around processing or personal and sensitive data and static concepts. The full report will be published later this month as the European Commission undertakes its review of the Directive.