Understanding the legal problems with DPA

Amberhawk believes that UK data controllers and data subjects have a right to understand why the EU considers UK law to be imperfect; but has never been able to get the details. At the heart of the problem is possible EU action against the UK for infraction, a violation of EU law; which has been a possibility since 2003. In 2001 the European Court of Justice (in Petrie and Others v Commission) determined that infraction proceedings should not be published because of both confidentiality and potential risk to legal proceedings.

Since that time, Petrie has been used by both the European Commission and the UK government (and the ICO) to justify a refusal to release details about infractions on any Directive. Now Amberhawk has “obtained a Decision Notice,” it reports, “that requires some of the full details to be provided to me; the bad news is that the Government has 35 days to appeal.”

The stakes are high, and Amberhawk expects such an appeal. “However, like a hole in a dam, the breach is widening. My FOI request is now a significant chink [in] the Petrie position.” Those stakes are worth considering. In a separate blog, Amberhawk details some of the information so far released under separate FOI requirement by the UK government. The EC concerns are shown to be extensive. The definition of personal data is too narrow, the circumstances in which personal data can be processed is too wide, the range of exemptions to the DPA is too broad, and the role of the ICO is too weak – among others. “The additional detail revealed by the UK Government,” comments Amberhawk, “raises serious questions as to whether or not the European Commission can be trusted to be transparent (and indeed to follow instructions from the European Ombudsman to become more transparent).”

The implication is chilling. “All the statements made to Parliament by a cohort of Home Office Ministers that their mass surveillance proposals (e.g. ID Card database) were compliant with the Data Protection Act (and the Human Rights Act) are now shown to be somewhere between “wholly suspect” and “demonstrably untrue”. It is unimaginable to think that these Ministers did not know that what they told Parliament was at variance with the true position.”

With a new mass surveillance program in the offing with the coalition government’s proposed Communications Bill (involving the retention of all internet and telephone metadata), the government is likely to prefer legal deficiencies in the current Data Protection Act to remain subdued.


What’s hot on Infosecurity Magazine?