LONDON--The European Commission's proposed data protection regulation would impose more burdens on organizations than benefits, according to a U.K. Ministry of Justice (MOJ) impact assessment released Nov. 22.
In its assessment, the MOJ dismissed claims by the European Commission that a more harmonized data protection regime in the European Union could bring financial benefits totaling €2.3 billion ($3.6 billion) to the bloc each year.
The EC failed “to address the full costs and unintended consequences of its own proposals, by only considering administrative costs” the Parliamentary Under-Secretary of State (MOJ) Helen Grant said in a Nov. 22 statement announcing the release of the impact assessment.
The EC's cost-saving projection, which it released in January alongside its proposed data protection regulation (11 PVLR 179, 1/30/12), fails to include policy and compliance costs as well as underestimates administrative costs, particularly to small businesses, Grant said.
“At a time when the Eurozone appears to be slipping back into recession … it is difficult therefore to justify the extra red-tape and tick box compliance that the proposal represents,” Grant concluded.
According to the Impact Assessment, the Commission overestimated the savings that less legal fragmentation could bring to EU organizations because it based its estimates on the assumption that some 900,000 large organizations would face compliance costs of only €1,000 ($1,602) a year for every additional Member State in which they are established.
However, the MOJ said that the real number of such businesses standing to make substantial savings from greater harmonization would in fact be far smaller at about 42,000.
At the same time, the MOJ said the EC failed to quantify costs arising from having to comply with proposed new requirements, including: appointing data protection officers; carrying out data protection impact assessments; notifying data protection authorities and individuals of data breaches; providing data subjects access to their information free of charge; and demonstrating compliance.
The MOJ estimated the total cost of paying for new requirements under the EC proposed regulation in the United Kingdom would be £320 million ($512.8 million) in a twelve month period covering 2016-17, the expected time line for final implementation of the new regulation. Meanwhile, the total benefits for the same organizations over the same period would be £200 million ($320.5 million), the MOJ said.
The MOJ also rejected EC estimates that under the regulation, some 1,000 additional data breaches would be notified to supervisory authorities, for a total new administrative cost of only €20 million ($25.8 million) a year.
The assessment said that in the United Kingdom, 45 percent of large businesses and 11 percent of small firms report at least one breach per year, and that if required to provide breach notice under the regulation their estimated yearly costs would be between £30 million ($48 million) and £130 million ($208.3 million).
In addition, the MOJ dismissed EC claims that new regulation will increase cross-border trade as the higher costs to data controllers of the proposed regulation will weaken the competitiveness of U.K. businesses, it said.
By Ali Qassim
The U.K. Ministry of Justice's “Impact Assessment: Proposal for an EU Data Protection Regulation” is available at http://op.bna.com/pl.nsf/r?Open=dapn-92fqnu.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).