Law would account for sensitivity of data held, importance of its theft or misuse.
Proposed new laws on data protection in the 27-nation bloc should take into account the nature of data companies hold, rather than just being based on their size or the amount of data, European Union justice ministers agreed Friday. “Among a number of issues discussed was the concept of using a risk-based approach to determine the obligation of data processors,” Alan Shatter, the justice minister of Ireland, which holds the EU’s six-month rotating presidency, told reporters. “This idea is that there would be varying levels of obligation based on the inherent risk of the data processing undertaken by a particular business.” This means the law would account for the sensitivity of data held by a corner shop or bakery making deliveries, compared to a highly-sophisticated online marketing company – and the importance of this data being misused or stolen. EU ministers, in parallel with the European Parliament, are discussing a new set of laws for the bloc. The current law dates from 1995, and there are currently huge variations between the data privacy regulations in each country. European Union Commissioner for Justice Viviane Reding said this approach would help ensure companies were treated appropriately, and show that “we are not here to create a toy for the lawyers of multi-nationals.” ”We should provide legal certainty to SMEs who should know clearly what their data protection obligations are,” Ms. Reding said following the meeting. “We need standard criteria and parameters, which allow simple compliance and supervision.”
(article by F. Robinson – Dow Jones Newswires)