The Information Commissioner has welcomed the Ministry of Justice's call for evidence on the current data protection legislative framework. He has no doubt that this framework, which includes the UK Data Protection Act and the EU Data Protection Directive, can be improved so that it is more effective in practice, giving individuals an improved set of rights and protections whilst providing greater clarity and reducing unnecessary burdens for data controllers. In particular he takes the view that:
- The current data protection principles are sound, but the law needs to achieve greater clarity of purpose and presentation. The principle of ‘privacy by design’ should be incorporated.
- The law must provide greater clarity about what is personal data, with a more contextual approach to the sensitivity of information.
- The law must be clearer about when consent is needed and what this involves.
- The approach the law takes to the responsibilities of data controllers and data processors should better reflect modern business relationships.
- The law needs more realistic rules for international data flows.
- The law needs to be more in tune with the freedom of information regime and to recognise the impact of modern technology on what private individuals do with personal information.