On 6 June 2013, European Commission Vice-President Vivane Reding responded to a letter sent to her two days earlier by Chris Grayling MP, UK Lord Chancellor and Secretary of State for Justice. Her letter surgically
dismantles the lobby-driven analysis of the data protection debate from the UK.

Chris Grayling forwarded a public letter of the UK Information Commissioner (ICO) to Reding which pleads in favour of the vague “risk-based approach” promoted by sections of industry. Grayling’s letter warns about the “risks” of rushing the process of reform (it has, after all, only been two and a half years since the original EU Communication was launched). The “speed” of this glacially slow process
would, Grayling argues, damage business growth, employment and EU competitiveness. Grayling concludes by promoting a letter from lobby group Business Europe which raised concerns about the potential non-balanced and burdensome approach of the proposed draft.

In a two-page answer, Commissioner Reding comprehensively dismantles the arguments put forward by the Secretary of State and the ICO/lobbyists.

On EU growth, she underlines that a single law for Europe will facilitate the flow of data and allow companies to deal with a single supervisory authority. This is in line with Business Europe’s request, she points out, adding that this result can only be achieved through an EU regulation.

On the expansion of the risk-based approach, she explains that this is the approach that the Irish Presidency has been working on for the past
months – meaning that the Business Europe lobbying letter, relayed to the Commissioner by the UK authorities, is severely out of date.

Pointing out something that would be obvious to any competent national data protection authority (but not, apparently, the UK’s ICO), she explains that privacy and competitiveness are not antagonistic objectives and underlined the synergy between data protection and a trust-driven growth. She said
that the proposal is also an incentive for innovation and is in the interest not only of citizens but also of European companies.

In a very sharp rebuke, Commissioner Reding attacks the nonsensical arguments about the alleged “speed” of this process, pointing out that the (UK-driven) Data Retention Directive was completed by the Council of Ministers in only six months.

The letters from the UK show the multitude of ways in which a handful of large companies are mobilising malleable politicians and policy-makers to do their bidding and undermine the proposed Regulation. Delay, distract,delete and destroy is the mantra – all with the help of the UK’s Information Commissioner – the man whose job it is to protect personal data.

This article was edited on 13 June to correct a mistake where the comments of the Secretary of State were ascribed to the ICO.

The ICO also argues he supports the data protection reform.

The ICO also says that its approach to the current notification system does not constitute “apparent support”. To avoid any possible confusion, the relevant paragraph has been deleted.