- Created: 24 June 2010
The European Commission June 24 sent a warning to the United Kingdom, threatening a case at the European Court of Justice if the UK does not strengthen the powers of its data protection authority so that they comply with the European Union's Data Protection Directive, writes Stephen Gardner.
The UK's standard of data protection was "lower than required under EU rules", the Commission said. In particular, the UK Information Commissioner's Office has no power to make assessments about the adequacy of other countries' data protection regimes, and so cannot make assessments prior to international transfers of personal information. In addition, the ICO has no power to perform random checks on people or organisatins using or processing personal data, or to enforce penalties.
The Commission added that UK data protection law also meant that UK courts can refuse the right to have personal data rectified or erased, and the right to compensation for moral damage when personal information is used inappropriately is restricted. On both of these points, UK law contravened the EU’s 1995 Data Protection Directive (95/46/EC), the Commission said.
The warning sent to the UK is the second warning over this issue, with the British authorities given two months to respond. Failure to do so adequately could lead to the UK government being taken to the European Court of Justice, where the Commission will seek an order to compel action to rectify the infringements.
Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship, said she intended to enforce EU data laws "vigorously".
"Data protection authorities have the crucial and delicate task of protecting the fundamental right to privacy. EU rules require that the work of data protection authorities must not be unbalanced by the slightest hint of legal ambiguity," she said.
A version of this article was published on the e-Forum website.