The contents of this e-mail are confidential and may be privileged. Please refer to the notice at the foot of this e-mail before reading any further.





> http://www.out-law.com/php/page.php?page_id=europeancommission10898969
> 24&area=news
> 
European Commission suggests UK's Data Protection Act is deficient 
15/07/2004
The European Commission has called upon the UK Government to justify its
approach to data protection law - because it fears that it does not
comply with the European Data Protection Directive. 
The concerns are believed to focus on a court's definition of what
constitutes "personal data" in Michael Durant's landmark case against
the UK's Financial Services Authority and subsequent guidance on the
case from the UK's Information Commissioner. But "personal data" is not
the only problem. 
Jonathan Todd, European Commission Spokesman on the Internal Market,
told OUT-LAW yesterday: 
"I can confirm that the Commission has sent a letter of formal notice to
the UK Government about the conformity of several aspects of the 1998
Data Protection Law with the EU data protection Directive of 1995."
The detail of the letter - which is said to run to 20 pages - has not
been made public by the European Commission: it is for the UK Government
to decide whether or not to make it public. 
However, OUT-LAW understands that the failure of the UK Government to
guarantee the right of access to personal data is likely to be a strong
feature of the letter. Other concerns appear to include insufficient
controls on international transfers of data and a lack of investigative
powers given to the Commissioner. 
Todd's comments came as UK Information Commissioner Richard Thomas
presented his latest Annual Report. Mr Thomas was asked by OUT-LAW if he
had seen the letter. He indicated that he had seen a draft, but not the
final version. He also said that he was largely satisfied with the
definition of "personal data" in the UK Act as interpreted by the Court
of Appeal. 
The Durant case changed the UK's interpretation of "personal data" by
placing greater focus on the content of personal data being about the
individual concerned. The Commission apparently considers this to be
inconsistent with the 1995 Directive because personal data in the
Directive has a broader construction and applies to that recorded
personal information which directly or indirectly relates to an
individual. 
A European Commission source told OUT-LAW: "Neither the court in Durant,
nor subsequent guidance from the Information Commissioner, is
appropriate." 
The source stated as an example that where a Data Protection Act
violation is identified: under the UK's 1998 legislation, the
Information Commissioner can only issue an Enforcement Notice to the
Data Controller. If the Controller complies with that notice, there can
be no economic sanction to punish the initial breach. The European
Commission thinks there should be such a sanction. 
The possible need for additional powers is something that OUT-LAW put to
Richard Thomas in June 2003. 
When asked in an interview for OUT-LAW Magazine if there are any powers
he would like that he does not have, Mr Thomas replied that he was "not
entirely satisfied with" the procedure for responding to a request for
an assessment, which only allows him to give "what you might call a
statutory opinion as to whether or not there has been compliance." 
"I'm very conscious," said Mr Thomas, "that from the point of view of
the individual who is aggrieved and comes to us, even if we give such an
opinion that there has been non-compliance, that may not be terribly
satisfactory. We have no powers to award compensation." 
That interview took place six months before the Durant ruling. Masons,
the law firm behind OUT-LAW, worked with Mr Durant on a pro bono basis
and, after the ruling, assisted him in making a complaint to the
European Commission earlier this year. 
Dr Chris Pounder, editor of Data Protection and Privacy Practice, a
newsletter published by Masons, said at the time that the Durant
decision was "based on faulty reasoning". He warned that it could result
in the UK's legislation "being found to be an inadequate implementation
of the Data Protection Directive of 1995." 
Commenting on yesterday's statement from the European Commission, Dr
Pounder added: 
"It is obvious from the Commission's approach that they already had a
number of concerns with the UK's data protection laws. I suspect the
Durant case was the straw that broke the camel's back and led to their
formal approach to the UK Government."
The letter is "a formal request for information," according to Todd. "In
the light of the UK's reply, the Commission will decide whether or not
it considers the UK law is in conformity or not, and whether or not to
request the UK Government to amend its legislation," he added. 
Ultimately, the European Commission could take the UK Government to
court in Strasbourg. 
See also: 
UK's Data Protection Act might not meet European Union standards
</php/page.php?page_id=uksdataprotection1084964357&area=news> , OUT-LAW
News, 19/05/2004 
Watchdog issues Data Protection Guidance after landmark case
</php/page.php?page_id=watchdogissuesdata1076420777&area=news> , OUT-LAW
News, 09/02/2004 
Privacy chief to revisit Data Protection guidance after Durant
</php/page.php?page_id=privacychieftorev1071754496&area=news> , OUT-LAW
News, 18/12/2003 
Data protection right "is not an automatic key to any information"
</php/page.php?page_id=dataprotectionrigh1071147023&area=news> , OUT-LAW
News, 11/12/2003 
When is personal information subject to privacy law?
</php/page.php?page_id=whenispersonalinf1048517078&area=news> , OUT-LAW
News, 24/03/2003



We are delighted to announce that Masons and Out-Law.com have once again been shortlisted for recognition in this year's e-LOTIES and LOTIES Awards (Legal Office Technology Innovation Awards).The annual awards are organised by In Brief Magazine. We would be grateful if you would take five minutes to vote for us!

Voting closes on 30th July for the e-LOTIES and on 22nd October for the LOTIES. Please visit
www.masons.com/php/page.php?page_id=eloties4400 for further details


If you have received this e-mail in error, do not use the contents of the e-mail or disclose it to any other person. Please notify us by reply, or telephone our London office on +44 (0) 20 7490 4000, and then delete the e-mail. We believe, but do not warrant, that this e-mail and its attachments are virus-free, but you should check. Masons may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to Masons' monitoring the content of any e-mails you send to or receive from Masons. Masons is not liable for any opinions expressed by the sender where this is a non-business e-mail.

Masons is an international law firm with offices in London, Bristol, Edinburgh, Glasgow, Leeds, Manchester, Brussels, Hong Kong and Shanghai. Further information about the firm and a list of partners are available for inspection at 30 Aylesbury Street, London EC1R 0ER or from our web site at www.masons.com. Each of our offices is regulated by the relevant local law society.

This e-mail has been scanned for all viruses by Star Internet using MessageLabs SkyScan services. For more information visit: www.star.net.uk.
_________________________________________________________________________________________

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^