The contents of this e-mail are confidential and may be privileged. Please refer to the notice at the foot of this e-mail before reading any further.
Sorry - Did not realise jiscmail upset the format - this might be easier
to read
C
http://www.out-law.com/php/page.php?page_id=europeancommission1089896924
&area=news
European Commission suggests UK's Data Protection Act is
deficient
15/07/2004
The European Commission has called upon the UK Government to
justify its approach to data protection law - because it fears that it
does not comply with the European Data Protection Directive.
The concerns are believed to focus on a court's definition of
what constitutes "personal data" in Michael Durant's landmark case
against the UK's Financial Services Authority and subsequent guidance on
the case from the UK's Information Commissioner. But "personal data" is
not the only problem.
Jonathan Todd, European Commission Spokesman on the Internal
Market, told OUT-LAW yesterday:
"I can confirm that the Commission has sent a letter of formal
notice to the UK Government about the conformity of several aspects of
the 1998 Data Protection Law with the EU data protection Directive of
1995."
The detail of the letter - which is said to run to 20 pages -
has not been made public by the European Commission: it is for the UK
Government to decide whether or not to make it public.
However, OUT-LAW understands that the failure of the UK
Government to guarantee the right of access to personal data is likely
to be a strong feature of the letter. Other concerns appear to include
insufficient controls on international transfers of data and a lack of
investigative powers given to the Commissioner.
Todd's comments came as UK Information Commissioner Richard
Thomas presented his latest Annual Report. Mr Thomas was asked by
OUT-LAW if he had seen the letter. He indicated that he had seen a
draft, but not the final version. He also said that he was largely
satisfied with the definition of "personal data" in the UK Act as
interpreted by the Court of Appeal.
The Durant case changed the UK's interpretation of "personal
data" by placing greater focus on the content of personal data being
about the individual concerned. The Commission apparently considers this
to be inconsistent with the 1995 Directive because personal data in the
Directive has a broader construction and applies to that recorded
personal information which directly or indirectly relates to an
individual.
A source who has seen the letter told OUT-LAW: "Neither the
court in Durant, nor subsequent guidance from the Information
Commissioner, is appropriate."
The source stated as an example that where a Data Protection Act
violation is identified: under the UK's 1998 legislation, the
Information Commissioner can only issue an Enforcement Notice to the
Data Controller. If the Controller complies with that notice, there can
be no economic sanction to punish the initial breach. The European
Commission thinks there should be such a sanction.
The possible need for additional powers is something that
OUT-LAW put to Richard Thomas in June 2003.
When asked in an interview for OUT-LAW Magazine if there are any
powers he would like that he does not have, Mr Thomas replied that he
was "not entirely satisfied with" the procedure for responding to a
request for an assessment, which only allows him to give "what you might
call a statutory opinion as to whether or not there has been
compliance."
"I'm very conscious," said Mr Thomas, "that from the point of
view of the individual who is aggrieved and comes to us, even if we give
such an opinion that there has been non-compliance, that may not be
terribly satisfactory. We have no powers to award compensation."
That interview took place six months before the Durant ruling.
Masons, the law firm behind OUT-LAW, worked with Mr Durant on a pro bono
basis and, after the ruling, assisted him in making a complaint to the
European Commission earlier this year.
Dr Chris Pounder, editor of Data Protection and Privacy
Practice, a newsletter published by Masons, said at the time that the
Durant decision was "based on faulty reasoning". He warned that it could
result in the UK's legislation "being found to be an inadequate
implementation of the Data Protection Directive of 1995."
Commenting on yesterday's statement from the European
Commission, Dr Pounder added:
"It is obvious from the Commission's approach that they already
had a number of concerns with the UK's data protection laws. I suspect
the Durant case was the straw that broke the camel's back and led to
their formal approach to the UK Government."
The letter is "a formal request for information," according to
Todd. "In the light of
the UK's reply, the Commission will decide whether or not it considers
the UK law is in conformity or not, and whether or not to request the UK
Government to amend its legislation," he added.
Ultimately, the European Commission could take the UK Government
to court in Strasbourg.
See also:
UK's Data Protection Act might not meet European Union standards
</php/page.php?page_id=uksdataprotection1084964357&area=news> , OUT-LAW
News, 19/05/2004
Watchdog issues Data Protection Guidance after landmark case
</php/page.php?page_id=watchdogissuesdata1076420777&area=news> , OUT-LAW
News, 09/02/2004
Privacy chief to revisit Data Protection guidance after Durant
</php/page.php?page_id=privacychieftorev1071754496&area=news> , OUT-LAW
News, 18/12/2003
Data protection right "is not an automatic key to any
information"
</php/page.php?page_id=dataprotectionrigh1071147023&area=news> , OUT-LAW
News, 11/12/2003
When is personal information subject to privacy law?
</php/page.php?page_id=whenispersonalinf1048517078&area=news> , OUT-LAW
News, 24/03/2003
We are delighted to announce that Masons and Out-Law.com have once again been shortlisted for recognition in this year's e-LOTIES and LOTIES Awards (Legal Office Technology Innovation Awards).The annual awards are organised by In Brief Magazine. We would be grateful if you would take five minutes to vote for us!
Voting closes on 30th July for the e-LOTIES and on 22nd October for the LOTIES. Please visit
www.masons.com/php/page.php?page_id=eloties4400 for further details
If you have received this e-mail in error, do not use the contents of the e-mail or disclose it to any other person. Please notify us by reply, or telephone our London office on +44 (0) 20 7490 4000, and then delete the e-mail. We believe, but do not warrant, that this e-mail and its attachments are virus-free, but you should check. Masons may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to Masons' monitoring the content of any e-mails you send to or receive from Masons. Masons is not liable for any opinions expressed by the sender where this is a non-business e-mail.
Masons is an international law firm with offices in London, Bristol, Edinburgh, Glasgow, Leeds, Manchester, Brussels, Hong Kong and Shanghai. Further information about the firm and a list of partners are available for inspection at 30 Aylesbury Street, London EC1R 0ER or from our web site at www.masons.com. Each of our offices is regulated by the relevant local law society.
This e-mail has been scanned for all viruses by Star Internet using MessageLabs SkyScan services. For more information visit: www.star.net.uk.
_________________________________________________________________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|