The UK ranks joint 21st in a new index of the severity of data protection laws in Europe, behind Spain, France and Germany.
The Data Privacy Index, from information law portal Data Guidance, calculates a risk score for each country based on the severity of its data protection regime – a high risk means there is high chance of breaking the rules and of being punished.
The data protection gaffes of 2011 A look back at some of the worst infringements of data protection by businesses and the public sector last year
Spain topped the Index, with a score of 4.5. There have been a "number of high level fines seen for non compliance with data protection legislation" in Spain, the Index reveals.
Germany was joint second with a score of 4, and was noted for especially strict rules surrounding marketing data. The Index pointed to a case in which a company had bought a marketing list of contact, and ensured through contractual clauses that the data had been compiled legally. It later emerged that it had not, and the company directors were successfully prosecuted.
The UK has a score of 3, placing in joint 21st place alongside countries such as Romania, Latvia, Ireland and Sweden. "The UK Information Commissioner does not have a legal right of audit but does ask companies to voluntarily subject themselves to audit," the index reported.
"The UK privacy regime has focused on persuasion rather than punishment to achieve greater data privacy compliance," explains Data Guidance’s managing editor Lindsey Greig. "In France, Germany and Spain and other mainland European countries there has been a more aggressive approach to enforcement."
The UK Information Commissioner’s flexible approach may be a boon to innovation, Greig remarks. "The UK approach is viewed as more flexible, encouraging technological innovation, greater use of cloud computing and as being more in tune with the global flows of data," he says.
But he adds that the UK’s relative lenience today means that businesses in the country can expect stricter regulation in future.
"The momentum is behind tougher regulatory measures," he explains. "Justice Commissioner Vivene Reding has made it clear that the data protection proposals to be released [tomorrow] will have tougher sanctions and regulations."
Greig says the Data Privacy Index is designed to give businesses a high-level view of the relative risk of handling data in the various countries in Europe.
"Data now lies at the heart of business and is a fundamental component of brand value," he says. "Businesses need to be able to evaluate risk of their particular activities and act accordingly."
Source: Data Guidance