British government lobbies to 'water down' consent requirements in EU data protection regulation
UK government fears restrictive data protection regulations will affect UK dot-coms
The British government is seeking to "water down" the meaning of consent in the forthcoming European Union Data Protection Regulations, which are expected to be passed this year, for implementation by 2017.
These regulations will replace the 1995 EU Data Protection Directive, which has been criticised for being too widely interpreted and implemented across the different states of the EU.
According to reports, the British government has objected to proposals that would require organisations that process personal data to seek people's "unambiguous" consent "for one or more specific purposes". It has called for the EU to use the existing definitions of consent for such data processing that are used under the existing EU data protection framework.
Even this represents a climbdown from earlier proposals requirements for "explicit" consent and the UK government is facing opposition from the French government, which is keen to see stricter controls on the processing of personal data.
According to the legal site Outlaw.com, which is run by law firm Pinsent Masons, under the earlier proposals, "explicit consent would in general be needed where businesses wished to process special categories of personal data, such as health data or information on individuals' ethnic origin or political beliefs. There would, though, be limited circumstances in which this kind of data could be processed without consent altogether...
"In addition, where businesses use 'automated processing' to build a profile about individuals, they must ensure they have individuals' explicit consent to that activity, or otherwise show that the activity 'is necessary for entering into, or performance of, a contract' between them and the individual, or unless the activity is permissible under other EU or national laws that contain 'suitable measures to safeguard the data subject's legitimate interests'."
The British government's approach to the processing of personal data differ from those of backbencher David Davis MP, who resigned in 2008 to fight a by-election. In an interview with Computing published before Christmas, he called for personal data to be treated like personal property - with individuals in charge of what data is held about them by third parties and how it may be used.
The proposed EU data protection regulations will bypass the more standard, but cumbersome, "directive approach" to EU law making. They are intended to provide less leeway for the way in which individual member states choose to interpret or implement the laws.
The EU has justified the ratcheting up of data protection across the Union and the direct implementation of regulations - as opposed to a new directive - on single market grounds.
"The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the way data protection is implemented across the Union, legal uncertainty and a widespread public perception that there are significant risks for the protection of individuals associated notably with online activity," according to the report, which was released before Christmas.
"Differences in the level of protection of the rights and freedoms of individuals, notably to the right to the protection of personal data, with regard to the processing of personal data afforded in the Member States may prevent the free flow of personal data throughout the Union.
"These differences may therefore constitute an obstacle to the pursuit of economic activities at the level of the Union, distort competition and impede authorities in the discharge of their responsibilities under Union law. This difference in levels of protection is due to the existence of differences in the implementation and application of Directive 95/46/EC."
The British government is concerned that changes to EU data protection laws might have an adverse impact on the development of dot-com businesses across Europe, as well as hampering new developments in big data analytics. Furthermore, the proposals may also have an impact on some of the government's own plans, such as its Care.data proposals to analyse anonymised healthcare records.