ASPIC: EU Data Protection Laws Outdated
Page 1 of 2
The ASP Industry Consortium (ASPIC) is leading a call for the European Commission to urgently review its data protection laws following a major new Europe-wide research study.
The report from the ASP Industry Consortium (ASPIC) warns that laws driven by the EC's 1995 data directive are implemented inconsistently across countries, leaving businesses at risk from prosecution due to uncertainty over compliance procedures, as well as an erosion in individuals' privacy.
"The Internet and web-based technology have fundamentally changed the way in which people work and how data is processed and transmitted," said Jeff Maynard, European chairman, ASP Industry Consortium. "Online businesses such as ASPs want to be able to conduct operations effectively while protecting the rights of individuals. However, current data protection laws, which were written during an era when data was relatively static, need to be changed to catch up with the realities of an online, mobile world."
ASPIC is calling on the EC to consider a variety of changes, including:
- Uniform personal data protection laws throughout the EU, with an exclusion of corporate data.
- Establishment of a central European data protection authority to act in partnership with countries to implement a common registration and notification process and to monitor and adapt rules as technology changes.
- Redefinition of the roles performed by service providers such as data processor and data controller to reflect technological realities.
- Application of the EU risk assessment approach to determine the adequacy of the data protection laws in non-EEA countries.
"We were surprised by the results of our research," said Richard Wightman, ASPIC's European research committee representative overseeing this study. "While we knew that technology could be used to subvert the intent of data protection laws, we did not expect to find such wide latitude in the interpretation of the 1995 directive, including the extension of the law to corporate data. Having undertaken this major research programme, we are now in a position to work with the EC on changes that will springboard the multi-billion dollar ASP market both in Europe and across the world."
London-based law firm D.J. Freeman conducted the research on behalf of ASPIC in 15 European countries and found that almost every region was operating its own regime in terms of data laws.
Alexander Carter-Silk, of DJ Freeman, commented: "While EC data legislation is not perfect, it does provide a solid foundation for a standardised compliancy framework for the future. In terms of ASPs, the situation in Europe is one where the economy has accelerated past the law and an update is required – not only for the growth of the business model in Europe, but also because the rest of the world is looking to the EU to set the example in achieving cross-border data compliance standards."
ASPIC, an international advocacy group with more than 200 active company members in Europe, commissioned the research project to address international data protection laws and the impact they will have on the marketplace. It concludes that there is an urgent need for ASPs to operate a highest standard data protection compliance programme in order to comply with relevant legislation in countries where they operate.
In addition to his role as European Chairman of ASPIC, Jeff Maynard is founder, deputy chairman and chief technologist of Netstore plc. Richard Wightman is strategic marketing manager for the Unisys ASP Programme in Europe.
Maynard concluded: "International outsourcing creates challenges not found in typical domestic outsourcing. They include cultural, political, financial, technological, managerial and legal considerations. Our research will help ASPs navigate this potential legal minefield and give them a clear understanding of the issu