Friday, 15 April 2016

European parliament votes in big shake-up of data protection laws

The data protection regulation's stated aim is to give citizens back control of their personal data and to simplify the regulatory environment.
It could mean huge fines for companies that breach the law, and it poses some complex problems about how they store, delete and return data to citizens.
There's no incentive for companies to protect customer data unless the cost of breaching the rules and the risk of getting caught greatly outweigh the profits. Currently this is not the case, especially for large companies with a lot of customers. User data is valuable to companies, and misuse of data can be hugely problematic for users. Fines and powers of investigation must reflect this.

Let's not forget, though, that governments must also be accountable for internet users' data.  They must recognise that it is our data, be transparent about how they use it and about how that usage may change.

The biggest change is an increase to the fines that can be issued to non-compliant companies - up to 4% of their global turnover or 20m euros, whichever is bigger.  Regulators will be able to inspect companies, who must show that they have appropriate systems in place for compliance, including a mandatory data protection officer for large companies.

It's difficult to see how regulators could properly inspect companies or whether they'll have the resources to do so.

There'll also be provision aimed at making it easier for users to transfer data and accounts to other providers, but once again this could prove difficult in practice:
Or, in the case of someone wanting to transfer their data from one utility or insurance provider to another or even to many, to ensure they get the best deal, "your name and address is probably data you provided, but companies could argue that your gas usage is something that they have collected directly", says Ms Boardman.
