Regulation concerning data protection continues to be a priority in light of the challenges posed by the use of new technologies and the need to safeguard personal data.
In Europe, the European Commission (EC) has outlined its proposals for a comprehensive reform of European data protection rules to increase users' control of their data and to cut costs for businesses. Proposed changes include mandatory appointment of a Data Protection Officer, the introduction of a right to be forgotten and fines of up to two percent of global turnover for companies that breach the rules. The legislation is divided into a Directive and a Regulation. The Regulation addresses rules around the processing and free movement of data by firms, whilst the Directive focuses on the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences.
In the UK, the Information Commissioner’s Office (ICO) has been given the power to fine companies in breach of data privacy rules up to £500,000. Additionally, in May 2011 the ICO published a Code of Practice concerning data sharing within the UK. The code covers both routine and one-off instances of data sharing. The Department for Business, Innovation and Skills (BIS) recently announced a partnership with 26 major organisations that will work with the Government to develop midata, which will give customers greater access to their personal data. This follows a speech by the deputy commissioner of the ICO, David Smith, in June 2011, in which he stressed the need for banks to provide customers with better access to information held on them.