The European Commission has laid down a two month ultimatum in which the UK Government must comply with the Commission’s requirements to ensure that the UK’s Data Protection Act 1998 properly complies with the EU’s Data Protection Directive. The Commission has complained since 2004 that the UK’s law does not adequately reflect all of the requirements of the EU-wide Directive. In particular, the Government has two months to:
- Enable the Information Commissioner’s Office – the Regulator in charge of enforcing UK data protection law – to have the right to conduct random checks on data controllers and issue penalties for non-compliance.
- Ensure that data subjects can properly have the right to have their personal data erased.
- Enable data subjects to have the right to claim compensation for moral damage when their personal data is used inappropriately.
If the Government fails to comply, the matter will be brought to the Court of Justice of the European Union.
The ICO says at http://www.ico.gov.uk/upload/documents/pressreleases/2010/ico_statement_european_commission_280610.pdf, “It is important that we have effective data protection regulation to help protect individuals’ personal information. We look forward to discussing the Commission’s detailed concerns with the Ministry of Justice and providing input into the UK Government’s response.”