European data protection proposals have been slammed by a select committee for being "too prescriptive".
A report by the Justice Select Committee said that the proposals for a common European data protection framework did not allow for flexibility or discretion for businesses or other organisations, which hold personal data, or for data protection authorities.
The committee said that the proposals should focus on those elements that are required to achieve the Commission's objectives, while compliance should be entrusted to Member States' data protection authorities.
The MPs were responding to a request from the European Scrutiny Committee for its opinion on both the draft Regulation and draft Directive. These plans would give EU citizens new data protection rights as set out in the Charter of Fundamental Rights of the European Union and the Lisbon Treaty.
While it criticised some parts of the scheme, it welcomed the potential benefits of an updated law. Individual rights would be increased and the new framework would protect against some of the more unwelcome and often-criticised aspects of digital data processing.
The committee gave an example of the draft regulation, which sets out the rights of individuals to access their personal data, to have it rectified or erased, to object to processing and not to be subject to profiling. From a business perspective, the committee said, the benefits would mainly accrue through the effective harmonisation of laws.
Sir Alan Beith, MP and chairman of the Justice committee said that the current data protection laws for general and commercial purposes need to be updated as they do not account for the digital world.
"However, we agree with the Information Commissioner's assessment that the system set out in the draft Regulation 'cannot work' and is 'a regime which no-one will pay for'. Therefore, we believe that the Commission needs to go back to the drawing board and devise a regime which is much less prescriptive," Beith said.
It will be 2014 before any changes are made to the law in the UK. Final regulation will take effect two years after being adopted.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Forcing Apple to allow alternative app stores might cause major security risksAnalysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
New EU vulnerability disclosure rules deemed an "unnecessary risk"News The vulnerability disclosure rules in the Cyber Resilience Act could also cause a “chilling effect” on security researchers
-
Are you ready for NIS2?WEBINAR Find out what you should be doing to prepare for the EU’s latest data protection regulation and UK equivalent with our free webinar
-
EU regulators are digging their heels in despite big tech’s Data Act pushbackAnalysis EU regulators are no strangers to big tech regulatory push back, so why do companies still persist?
-
Microsoft's EU Data Boundary will begin staggered rollout in January 2023News Public sector and commercial customers will be the first to benefit when the rollout begins on 1 January across all of Microsoft's core services
-
EU watchdog fights against rules permitting Europol's ‘unlawful’ data practicesNews The pushback follows allegations that Europol was allowed to write its own rules when it came to handling sensitive data
-
EU to introduce strict IoT security regulationNews Manufacturers will be required to assess all risks, and notify the EU of issues within 24hrs
