The likelihood of the EU Commission bringing proceedings against the UK for failure correctly to implement Data Protection Directive appears to be growing, as key information about the UK’s failings is released under an FOI request.
The Durant saga continues. Following the Court of Appeal’s landmark decision in the Durant case in late 2003, there has been widespread speculation amongst commentators that the European Commission was threatening legal action against the UK Government for failing to implement the EU Data Protection Directive properly. The investigation arose initially because the Durant case prescribed a more narrow definition of “personal data” than the Commission believed was required to be protected under the EU Data Protection Directive.
While the extent of the alleged shortcomings in the UK’s law implementation of the Directive were not in the public domain until now, nor details of negotiations between the UK Government and the European Commission released previously, the information has now been released in response to a freedom of information request, which reveals the wide range of the European Commission’s concerns. It appears that the Commission raised questions over the way the Data Protection Act 1998 and other legislation implemented 11 articles of the Directive and, if negotiations over the alleged defects fail, proceedings in the ECJ could be brought against the UK Government. The Ministry of Justice maintains that the Directive was correctly implemented.
The fact that this information is now finally in the public domain (after years of rumours as to the Commission’s concerns) may bring the matter to a head. The Government will no doubt want to avoid ECJ proceedings on this, but equally will not want the bureaucratic nightmare of having to amend the data protection and other regimes.