Binding guidance on the legality of new business ventures could be part of the UK’s new 'enabling' data protection regime, the information commissioner said last night. The idea, based on HMRC practice, is one of several new mechanisms being considered to provide certainty on data protection compliance, John Edwards told an audience of lawyers.
The commissioner, who took office a year ago with a brief to create a more innovation-friendly data protection climate, rebutted criticism that he had been 'missing in action' in controversies around law reform. The Data Protection and Digital Information Bill, currently before the House of Commons, reflects concerned raised by his office, he said. 'We've been effective at getting rid of the proposals putting data at risk.'
On whether the new regime would meet the 'adequacy' requirements of the EU, he said 'I see no reason for any European to be concerned that their data is held in the UK.'
The Information Commissioner's Office has also abandoned the 'money go round' of imposing heavy fines on public sector bodies - a practice, Edwards said, which amounted to fining the victims of data breaches.
Edwards was speaking to a packed audience at an event organised by the City of London Law Society and the Law Society of England and Wales at the headquarters of City firm CMS. In a question and answer session he declined to be drawn on details of his plan for binding guidance, but conceded that guidance would still be open to challenge in the courts. He also said that - unlike under the HMRC model - individual guidance would be published 'for the good of the economy'.
Edwards said that in a year of 'cultural adjustment' from his native New Zealand, he had learned that, on privacy and data protection, Britons are 'worried about change'. However he pledged that he would 'not be part of the deconstruction of the data protection framework'.
3 Readers' comments