PL&B UK E-news, Issue 62

1. Conservative Party Policy Commission recommends repeal of the Data Protection Act

In a report published on August 17th the Conservative Party published a policy document, entitled: Freeing Britain to Compete: Equipping the UK for Globalisation. This document is described as a submission to the shadow cabinet, and was enthusiastically promoted in the media by the Commission's chairperson, Mr. John Redwood MP. Although most media coverage stressed the report’s tax cutting agenda, there is a paragraph on page 58 on data protection under the heading “A Deregulation Bill.” This paragraph states:

Data Protection. We recommend the repeal of this expensive bureaucracy, which fails to protect people’s data. The ever growing power of the internet and computers means we all end up on ever more lists, whether we want to or not. Proper handling of the data given to public bodies and private sector companies would be governed by the general law of privacy, and by established codes of conduct. This measure amounts to 12% of the British Chamber of Commerce’s extra burden, on its burdens barometer. The repeal of [the Working Time Regulations and this proposal] would remove 44% of Labour’s extra costs to business, without harming the protection offered to most people.”

The Information Commissioner’s Office (ICO) response

“The Data Protection Act provides real benefits to businesses and individuals. The key principles of the Act include ensuring personal information is held securely, that it is accurate and up to date and that it is used for purposes which people have been told about. By following these simple principles businesses can ensure they provide an effective customer service.

“According to research carried out by the ICO 89% of businesses felt that the Data Protection Act was needed. Our research also shows that organisations do recognise, overwhelmingly so, that good data handling makes good business sense. A massive 85% said that the Act improved customer trust.

“The Data Protection Act gives us all important rights and protection in an age where more and more of our personal information is being collected and traded. Without it organisations would be free to misuse our personal information, leaving us vulnerable to identity fraud and infringing on our privacy.”

PL&B Comment

Clearly, the ICO spokesman chose not to respond to the proposals on their merits on the following lines:

1. The Data Protection Act and the Information Commissioner “fails to protect people’s data” to the extent that any law and regulatory body “fails” in some areas. The Information Commissioner has called for years for stronger powers to enforce the law and for stronger penalties for those who ignore it. That does not mean that the law, which sets out the widely accepted principles, is a failure.

2. "Proper handling of the data given to public bodies and private sector companies would be governed by the general law of privacy..." In fact, there is no general law of privacy.

3. "....and by established codes of conduct." Codes of conduct by their very nature are sectoral and, therefore, give no general framework of principles for all sectors of society. If there were no data protection law, there would be no specific legal framework to ensure that the codes of practice were referenced when a problem occurs, and no legal redress for people whose interests have been harmed by poor data practices.

4. The Conservative document states (page 62): “The main issue is that the EU simply regulates too much.” However, the comments above apply in a UK context regardless of whether the UK continues or does not continue to implement a European Union data protection directive.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2007