Tuesday, October 02, 2007

UK's implementation of the Data Protection Directive

The Guardian reported the following story yesterday:

"Europe's concern over UK data protection 'defects' revealed. Clare Dyer, legal editor, Monday October 1, 2007, The Guardian

The European Commission is threatening legal action against the UK government for failing to properly safeguard individuals' personal data. The commission has raised questions over the way the Data Protection Act and other legislation have implemented 11 articles of the 34-article European data protection directive - almost one-third of the whole. It has warned that it could take the UK to the European court of justice in Luxembourg if negotiations over the alleged defects fail. The investigation has been going on for more than three years, but the extent of the alleged shortcomings in UK law has been kept secret. Ministers have refused to release details of the negotiations to parliament, but the EC, in response to a freedom of information request, has now revealed the wide range of its concerns. The disclosure comes as a new law, coming into force today, compels phone companies to retain information about all landline and mobile phone calls, and make the data available to more than 700 official organisations, including police, security services, tax authorities, NHS trusts and local councils. The move brings into UK law a European directive, the data retention directive, aimed at "the investigation, detection and prosecution of serious crime". It has attracted little notice because it was put into UK law by a statutory instrument, made under the European Communities Act 1972, rather than by a new act of parliament. The government also plans to extend the powers to cover email and internet activity. The information commissioner, Richard Thomas, will monitor the security of the data kept under the new data retention rules. He also plays a major role under the Data Protection Act in making sure individuals' privacy is protected when their personal data is processed and used. But as part of its investigation into UK data protection laws the European Commission accuses the UK of not giving the commissioner strong enough powers."

In the meantime, the UK ICO has, issued its latest guidance notes on the notion of "personal data", taking into acccount Art. 29 Working Party's recent guidance.

No comments: