Europe's data protection frameworks need updating, but it will be two to three years before companies even see proposals Europe’s data-protection regulatory framework needs updating, but it will be two to three years before companies even see proposals, Europe’s top data protection official said Monday.In the meantime, companies can take data protection into their own hands by showing they have control over their data and are accountable for it, said Peter Hustinx, European data protection supervisor. “I don’t think we need an overdose of regulation,” said Hustinx, who spoke as part of a panel on online privacy at the RSA Conference in London.But there have been several instances of company failures to handle data correctly, such as when AOL released a large tract of what it thought was anonymous search data, said Ari Schwartz, vice president and chief operating officer for the Center for Democracy and Technology. Those failures mean regulation is needed, such as the adoption of stronger consumer privacy laws in the U.S., Schwartz said.“We’ve seen many companies do things with personal information that are clearly unethical,” Schwartz said. ” In some cases, even just plain illegal under current laws in the U.S. and the E.U.” The irony of data protection is that governments are increasingly demanding that enterprises collect data for a range of uses, such as compliance and antiterrorism purposes. But there are still questions over how to classify data, such as IP (Internet Protocol) addresses, and whether they constitute personal information.Enterprises also have difficulty trying to comply with different data protection regulations in the U.S., Europe and elsewhere. Complying with privacy and data protection laws are of far greater concern than, for example, a server going down, said Michael Spadea, privacy counsel for Barclays bank.“We want to comply,” Spadea said. “I don’t care what the laws are. I want them to be clear, and I want them to be harmonized.”Hustinx said that regulators are looking toward harmonizing data protection rules. “I think we will see progress in the next few years,” Hustinx said.However, new regulations must be clear and allow for a certain amount of self regulation by the industry, said Paul Goad, managing director of the controversial online advertising company NebuAd. The company’s software monitors a person’s Web surfing in order to deliver targeted ads.Regulations often only come after companies have developed their technology, which then has to be retrospectively modified to comply, Goad said. “The fact is we very rarely get a clear mandate,” Goad said. Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe