Privacy & Information Security Law Blog

On May 26, 2011, the United Kingdom’s Lord Chancellor and Secretary of State for Justice Kenneth Clarke spoke before the EU Committee of the British Chamber of Commerce in Belgium.  His remarks focused on data protection, a subject he characterized as one “heavily on the agenda” in Brussels and in many EU Member States.  Clarke emphasized his own role as a proponent of data protection and a defender of civil liberties and individual freedom, and discussed the introduction into Parliament of a major bill to enhance individual freedom in the UK.  Key measures in the bill, many of which respond to issues raised over the past few years by the UK Information Commissioner, include:

• Greater independence for the Information Commissioner
• Safeguards against misuse of counter-terrorism stop and search powers
• Further regulation of the use of closed-circuit television monitoring
• Reform of the regulations governing vetting and barring of ex-offenders and persons working with children and vulnerable adults

Clarke went on to highlight the need in the EU context to guard against prescriptive regulations on data flows that hamper the ability to share data appropriately and for beneficial purposes.  He cited the challenge of balancing rules that protect privacy, safety and freedom in the context of rapidly evolving technologies.

Although Clarke stated that he doesn’t see the need for a major rewrite of data protection rules or principles, he did express his belief that they should be modernized.  In the future, he said, flexibility will be key to successful data protection that does not threaten economic growth.  While longstanding principles of data protection remain relevant, particularly because they do not address a specific technology or political issue, he rejects a prescriptive “one-size-fits-all” application of data protection principles.  He cited international transfers of data as an important example, saying:

“In respect of the international transfer of data by businesses, for example, I agree with respondents to the United Kingdom’s own consultation that we should consider moving from a system which restricts information based on national standards of data protection, to a system based on the standard of data protection of the particular company involved – far more relevant to modern methods of business.”

This approach suggests the more flexible privacy models based on accountability currently under discussion and raised in consultations by the Asia-Pacific Economic Cooperation and the Organization for Economic Cooperation and Development.