Government Response to Justice Select Committee's

Government Response to Justice Select Committee's

Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals January 2013 Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals Presented to Parliament by the Lord Chancellor and Secretary of State for Justice by Command of Her Majesty January 2013 Cm 8530 £6.25 © Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format or medium, under the terms of the Open Government Licence. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/ or email: [email protected] Where we have identified any third party copyright material you will need to obtain permission from the copyright holders concerned. Any enquiries regarding this publication should be sent to us at: [email protected] or 020 3334 5408. This publication is available for download at www.official-documents.gov.uk and on our website at www.justice.gov.uk ISBN: 9780101853026 Printed in the UK by The Stationery Office Limited on behalf of the Controller of Her Majesty’s Stationery Office ID 2533713 01/13 Printed on paper containing 75% recycled fibre content minimum. Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals Contents The approach to reforming the current data protection framework 3 The draft Regulation 5 Arguments for and against a Regulation 5 Impact assessment 6 Impact on the Information Commissioner’s Office 7 General comments on the draft Regulation 7 The “right to be forgotten” 7 Subject access rights 8 Obligation to appoint Data Protection Officers 8 Sanctions 9 Concerns raised by specific groups 9 The Committee’s opinion – Regulation 11 The draft Directive 14 The Committee’s opinion – Directive 17 1 Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals 2 Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals The approach to reforming the current data protection framework We are concerned that the approach taken by the European Commission, introducing two instruments, will lead to a division of the UK law, set out in the Data Protection Act. We believe that this could cause confusion, both for data subjects, and for organisations within the criminal justice system in particular, as they will have to consider which law applies in their given circumstance. We are also concerned that this twin-track approach might also lead to inconsistencies in application, both due to differing provisions in the instruments and over time, due to court decisions under each instrument. If this is still to be the approach, we recommend that there is consistency between the two instruments from the outset, to mitigate the future divergence in their application. Furthermore, the UK Government and the Information Commissioner’s Office will be required to work effectively together in order to produce and disseminate effective guidance so that data subjects know their rights and organisations know their responsibilities under each law. (Paragraph 13) The UK Government’s position with regard to the proposed Regulation is that it should be re-cast as a Directive. With regard to the proposed Directive covering processing in the area of police and judicial co-operation, the Government does not believe that the case for replacing and repealing the Framework Decision 2008/977/JHA has been convincingly made. If the proposed Regulation were to be changed to a Directive and the proposal for a Directive were to be taken forward, then there would be two Directives, one for the general data protection framework and one for processing in the area of police and judicial co-operation in criminal matters. An advantage of this approach would be that the two Directives could then be implemented in a single piece of domestic legislation to help avoid confusion and support consistency where necessary. With regard to the Committee’s call for consistency between the two instruments, the Government believes that, as far as it is possible, there should be parallels between the two instruments. It is however important that the different contexts in which the instruments have been proposed are considered: the draft Regulation has been proposed for general data processing, whereas the draft Directive applies in the field of police and judicial co-operation in criminal matters. The use of data in the areas covered by each instrument is very different and there is a need for greater flexibility in the field of police and judicial co-operation due to the operational requirements in this area and, where necessary, this should be reflected in the two instruments. Recital 10 of the draft Directive refers to Declaration 21 on the protection of personal data in the fields of judicial co-operation in criminal 3 Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals matters and police co-operation,1 which acknowledged that specific rules may be needed for the protection of personal data in this field. The Government notes the Committee’s call for it to work with the ICO to disseminate effective guidance. We would expect the ICO to provide relevant guidance following the adoption of the instruments. 1 Declaration 21 on the protection of personal data in the fields of judicial co-operation in criminal matters and police co-operation, annexed to the final act of the intergovernmental conference which adopted the Lisbon Treaty. 4 Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals The draft Regulation Arguments for and against a Regulation Bringing EU data protection legislation up-to-date is necessary and could provide benefits to both individuals and businesses. Many of these benefits are only attainable if there is effective harmonisation of laws across Member States, and therefore we can understand why the European Commission decided that a Regulation was the correct instrument to achieve their objective. However, by setting out prescriptive rules there is no flexibility to adjust to individual circumstances. We believe that the Regulation should focus on stipulating those elements that it is essential to harmonise to achieve the Commission’s objective, such as the consistency mechanism and the establishment of the European Data Protection Board. Member States’ data protection authorities should be entrusted to handle factors associated with compliance, such as the level of fees or when it should be informed about a data protection impact assessment, whilst also being a source of guidance. Consistency of approach should then be delegated to the European Data Protection Board. (Paragraph 30) The Government’s position that the proposed Regulation should be re-cast as a Directive would allow for harmonisation in the areas where it is advantageous and flexibility for Member States where it is required. The European Commission’s Impact Assessment acknowledges that harmonisation could be achieved through the use of a Directive.2 For example there could be harmonisation of: the fundamental principles found within the proposals; the rights that data subjects enjoy; and the rules relating to independent supervisory authorities and the European Data Protection Board. The Government also supports the principle of the consistency mechanism. We believe that the data protection framework should protect the civil liberties of individuals. This means putting rules in place that ensure that the processing of personal data is fair, secure, and that data should be retained for no longer than is necessary. EU data protection legislation must secure individuals’ privacy without placing constraints on businesses practices that harm innovation and growth. For 2 European Commission, Working Document. Impact Assessment: Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. Pg 46 5 Government response to Justice Select Committee’s opinion on the European Union Data Protection framework proposals example, the proposed Regulation places prescriptive obligations upon data controllers as to how they will comply with the proposed Regulation, such as completing data protection impact assessments and hiring data protection officers. This is a ‘one size fits all’ approach which does not allow data controllers (from small online retailers to multinational Internet companies) to adopt their own practices in order to ensure compliance with the legislation. The European Commission’s proposal should focus on regulating outcomes, not processes. Impact assessment We call on the European Commission to work with the UK Government, the governments of other Member States, and other stakeholders, and to pool resources, expertise and information, so that a full assessment of the impact of the proposals can be produced. (Paragraph 37) The Government published its own Impact Assessment on the proposals on Thursday 22 November 2012. While the assessment focused on the impact of the proposals on the UK economy, it also provided an assessment of the Commission’s Impact Assessment, including an explanation as to why the Government believes the administrative saving of €2.3 billion per annum estimated by the Commission is a significant over-estimate. The Government’s Impact Assessment recognises that while there are benefits from the proposed Regulation, such as a reduction in legal fragmentation, these benefits are outweighed by the costs of additional administrative and compliance measures that the draft Regulation introduces.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    22 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us