Former Information Commissioner calls for modernisation of European data protection legislation

Thomas is now a strategy advisor with Hunton & Williams, as well as a member of the Centre for Information Policy Leadership (CIPL), the transatlantic think tank supported by the international law firm.

Thomas has also criticised the current framework saying that, with the fast pace of technological change, European data protection laws have a poor reputation and are bureaucratic, uncertain and burdensome.

As a result, he has called for a  new approach which, he says, must try to maximise effectiveness while minimising burden.

"The pace of technological change is increasing both benefits and threats", he said, adding that powerful devices, instant communications, more effective search and analytical tools and ever-cheaper data storage capacity create seemingly endless opportunities to gather and interpret information about us, our activities and our preferences.

But, he explained, European data protection laws have a poor reputation for being bureaucratic, uncertain and burdensome.

In parallel with Thomas' comments, CIPL, under his guidance, has published two papers responding to the European Commission's current consultation on `a comprehensive approach to personal data protection.'

The centre's two papers identify two priorities for the new EU law – introducing an accountability principle and a new framework of binding global codes for international data transfers.

The papers also say that reform must focus on implementation and practicalities. The centre therefore suggests criteria for a modernised 21st Century, regulatory framework, based on clear objectives, real risks and well-balanced outcomes.

The centre is also said to have severe doubts about EU standard-form privacy information notices, which will be so comprehensive – or so simple – as to be meaningless either way.

Privacy impact assessments and privacy by design, says the reports, are welcome, but their use should be encouraged as business processes, not made mandatory.

What’s hot on Infosecurity Magazine?