"The articles of the Directive which the Commission claims have not been implemented properly are articles 2, 3, 8, 10, 11, 12, 13, 22, 23, 25 and 28 – just under a third of the 34 articles in the Directive.
These Articles relate to: the definitions used in the Directive (e.g. the meaning of personal data); the scope of the Directive's application to manual files; the conditions when sensitive personal data can be processed; the fair processing notices give to individuals; the rights granted to data subjects; the application of exemptions from these rights; the ability of individuals to seek a remedy when there is a breach; the liability of organisations for breaches of data protection law; the transfer of personal data outside European Union; and the powers of the Information Commissioner.
Data Protection expert Dr Chris Pounder of Pinsent Masons, the law firm behind OUT-LAW.COM, said that the extent of the objections reflects official attitude towards data protection policy. "All UK Governments involved in implementing the Directive have had a policy of minimising the Data Protection Directive's effect," he said. "The number of problems raised by the Commission seem to indicate that the UK Government may have misjudged the situation and minimised the effect of too many obligations"."
Thanks to Glyn via ORG for the pointer. The UK government had until recently been keeping the details of the EU's complaints under wraps but it seems Out-Law got the information via a freedom of information request. It's a coincidence that the details should begin to emerge now since I had just posted a note about loopholes in privacy legislation to the ORG list in recent days :
"The idea that regulation is a cure for privacy problems is widely held but I don't subscribe to it.
Privacy is a complex issue and can't be addressed through regulation alone any more than complex systemic messes like terrorism or immigration can be solved by regulation (and imagined magical computer systems that keep everyone under surveillance then point out the
baddies) alone. Privacy levels and awareness are an emergent property of a whole series of complicated interracting and dynamic factors, relating to social, psychological, market, environmental, technological (in the Lessig architectural sense or possibly more accurately in the Kim Cameron/ Stefan Brands/ Caspar Bowden/ Ben Laurie/ etc. architectural sense) prevailing winds (and I'm sure members of the list can think of many more).
Apologies for the rant."