UK fails to properly implement the EU data protection directive

By EDRi · October 10, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The European Commission (EC) is concerned about the way the UK has
implemented the provisions for protecting personal data, according to
information revealed by out-law.com following freedom of information
requests.

An investigation has been initiated by the EC three years ago regarding
the way the UK legislation has implemented 11 articles of the 34-article
European data protection directive. This investigation has been kept secret
by the UK authorities, that have concluded through the Ministry of Justice
that UK “has implemented the Directive fully.”

Dr. Chris Pounder of Pinsent Masons explained the wrong interpretation of
the authorities: “All UK Governments involved in implementing the Directive
have had a policy of minimising the Data Protection Directive’s effect. The
number of problems raised by the Commission seem to indicate that the UK
Government may have misjudged the situation and minimised the effect of too
many obligations”.

The situation could be more complicated after the implementation of the Data
retention directive through a new law that came into force on 1 October
2007. This UK law will oblige the electronic communications companies to
keep a one-year log of certain communication data such as: the number from
which a call is made, the customer’s name and address, any number dialled,
the date and time of a call or the geographic location data for mobile
calls.

The UK data retention law will not apply to the content of communication or
to the Internet data, but the latter will probably be included by 15 March
2009 – the limit day in the European directive.

The information commissioner, Richard Thomas, will have the obligation,
under the new law to monitor the security of the data kept according to the
new data retention provisions. However, the lack of strong powers of the
information commissioner is one of the key concerns the European Commission
has addressed in its investigation on the UK data protection legislation.

Europe’s concern over UK data protection ‘defects’ revealed (1.10.2007)
http://www.guardian.co.uk/law/story/0,,2180823,00.html

Europe claims UK botched one third of Data Protection Directive (17.09.2007)
http://www.out-law.com/page-8472

Data retention law makes little difference to telcos, says trade body
(1.10.2007)
http://www.out-law.com/page-8513

EDRI-gram: Data retention for one year for UK telecom companies (1.08.2007)
http://www.edri.org/edrigram/number5.15/data-retention-UK