The European Commission has requested the UK to strengthen the powers of its data protection authority so that it complies with the EU’s Data Protection Directive. The Commission request takes the form of a reasoned opinion – the second stage under EU infringement procedures. The UK has two months to inform the Commission of measures taken to ensure full compliance with the Directive.
In the Commission’s view data rules in the UK are curtailed in several ways that leave the standard of protection lower than required. The Commission is concerned about limitations upon the Information Commissioner’s powers, in particular that he cannot monitor whether third countries’ data protection is adequate, assessments which should come before international transfers of personal information, and he can neither perform random checks on people using or processing personal data, nor enforce penalties following the checks. Also the Commission is concerned that Courts in the UK can refuse the right to have personal data rectified or erased, and that the right to compensation for moral damage when personal information is used inappropriately is also restricted.