Data Protection and Privacy

ISPA Legal Forum: 23rd April 2012

Data Protection and Privacy – Implications of the European Data Protection Review

The Legal Forum took place on the 23rd April and was kindly hosted by ISPA legal forum member DLA Piper. This event discussed the implications for ISPA members of the new Data Protection Regulation that was published by the European Commission in January. Speakers discussed the new rules on data protection from the point of view of industry, regulators, government and the law.  Topics addressed included, consent, the ‘right to be forgotten’, data portability, data processing, penalties and notification of data breaches.

Duncan Calow, Partner, Technology, Media & Commercial at DLA Piper London introduced the panel which included representatives from DLA Piper, the ICO, the MOJ, Microsoft and Facebook.

Patrick Van Eecke, Partner, Technology, Media & Commercial at DLA Piper Brussels gave the audience a background to the current legislation which dates back to 1995 and the need for modernisation due to the proliferation of the internet. He stressed that the new legislation was likely to be published early 2014 and that it was still possible to influence the legislation as some articles were not mature yet. Presentation coming soon.

Iain Bourne, Group Manager, Policy Delivery at the Information Commissioner’s Office, stressed the importance of getting the balance right between what businesses and consumers want. He said that the data protection laws needed updating but needed to be workable in that the law needed to understand the technology. He liked the idea of kite mark regulations for companies with examples of best practice but warned that other parts of the regulation needed to be deliverable and not just look good on paper. Link to presentation.

Dan Johns, EU and International Data Protection Policy at the Ministry of Justice, said that it was important to have a harmonised framework that was pro-business and pro-civil liberties. He said that the principles were sound but that there was a need for understanding of the detail and to ensure that it was workable. He wanted to ensure that the penalties were realistic and enforceable and said that there was still some way to go in the process. Link to presentation.

Stephen Bolinger, Attorney at Microsoft, spoke next and said that he found the enforcement plans troubling and pointed out that users already have the right to request their data be deleted. He also didn’t agree that explicit consent was needed and that it would make the user experience miserable. He compared it to the current cookies issue and highlighted the limited time needed to report a breach and questioned the value of notifying every one of every breach. Priorities that he would like to see included harmonisation and clarification of applicable laws and opt-out consent models. Link to presentation.

Simon Milner, Public Policy Director at Facebook said that they took the issue very seriously and that a balance was important to maintain trust and usability at the same time. He said that investment in the industry needed regulatory certainty and pointed out that Facebook already provides users with privacy controls and that they had worked with the Data Protection Commissioner to implement recommendations. Harmonisation was welcome across the EU as were areas on consent and child protection. A re-think was needed on data sharing and the right to be forgotten and that there needed to be a balance. He said that asking for consent before opening a page was frustrating but what worked was asking for consent before applications were installed.

All panellists agreed that there needed to be a balance that protected the rights of users but that was also pro-business. It was also agreed that the regulation needed to be practical to implement.

The panel session was followed by Q&A and then a drinks reception. ISPA would like to thank all the speakers and DLA Piper for kindly hosting the event.

For information about future Legal Forum's please email or call 020 3397 3304.