back to article How UK’s GDPR law might not be judged 'adequate'

Since 2005, I have tried to use Freedom of Information legislation to find out what is behind the “ongoing” infraction proceedings, commenced by the European Commission against the UK. This is because the UK’s Data Protection Act (DPA) is, according to the Commission, a defective implementation of Directive 95/46/EC. So what …

  1. Anonymous Coward
    Anonymous Coward

    NHS

    The Information Commissioner cannot perform random audit checks on any data controller/data processor under the DPA. There is a limited ability to audit government departments, NHS and telcos but this came after the Commission commenced its “ongoing” infraction proceedings in 2005.

    ^^ That's odd because we've (Scottish NHS board) have been told they can come in at any time and audit us, in fact at least one NHS board in Scotland has invited them in to do exactly that.

    1. Tom Paine

      Re: NHS

      If they've been /invited/ in to do an audit, that's different from them turning up unannounced, isn't it?

      1. Halfmad

        Re: NHS

        random doesn't mean unannounced.

    2. B*s*

      Re: NHS

      It is also strange that when former secretary of state for home dept unlawfully discloses sensitive data and presents it to an employer of an innocent individual which results in damage. The ICO suggest that section 42, law does not require them to carry out an assessment in every case.

      They then choose to allow inaccurate data recorded against that innocent individual to remain in place and do nothing, regardless of users not being able to identify it does not belong to that data subject.

  2. deive

    Optional

    "Indeed, someone who said he was “close to GCHQ/MI6” took me to one side at this month’s ICO conference. He told me that if I were to be given the top-secret list of data protection indiscretions on the part of the UK (none of which relate to national security, crime and taxation etc, I should add), then the damage to EU-UK relations would be so high that the European Commission’s mission in London would have to close, and the UK Ambassador to Brussels would become persona non grata. I was advised to “back off”, whatever that means."

    So we can't know the truth cos someone may lose their job over it? Should ALL government dealings should be 100% open and transparent?? If something causes embarrassment then perhaps we, I don't know, shouldn't do it in the first place?

    1. Len

      Re: Optional

      It is not about one person's job. It is about a complete breakdown in diplomatic relations. Britain is rapidly becoming Billy No Mates while the next decade is all about negotiating with the countries around us. The last thing we need is another major hurdle, having Boris Johnson run our reputation into the ground is bad enough.

    2. Anonymous Coward
      Anonymous Coward

      Re: Optional

      So we can't know the truth cos someone may lose their job over it? Should ALL government dealings should be 100% open and transparent?? If something causes embarrassment then perhaps we, I don't know, shouldn't do it in the first place?

      Ah, but there are a few more things that are at present left undiscussed, even at EU level, because that would blow up the last remnants of diplomatic relationships we have with the Americans.

      I would be the first to agree with you that the theory of democracy is that all dealings are open and conducted in full view of the voters, but in reality that transparency appears less and less to be more exception than rule and as long as voters do not explicitly and fairly aggressively demand this, they are deemed to acquiesce.

    3. cantankerous swineherd

      Re: Optional

      name names.

    4. Dave Bell

      Re: Optional

      "then the damage to EU-UK relations would be so high that the European Commission’s mission in London would have to close, and the UK Ambassador to Brussels would become persona non grata."

      "this month’s ICO conference."

      What else might Sir Tim Barrow have done that wouldn't be in his Wikipedia entry?

      And hasn't this anonymous guy heard of Brexit yet?

      It all sounds bogus. Unless something really bad is being done that certain politicians want to get away from being peronally liable for, and that would have to be really extreme, not just lose-your-job incompetent.

  3. Doctor Syntax Silver badge

    The obvious recourse is an FOI request as to how an answer to these FOI requests would damage international relations.

  4. Anonymous Coward
    Anonymous Coward

    Probably many of the issues which are being kept secret relate to matters raised by the Snowden disclosures. They were enough to blow-up the safe-harbour with the US, and the UK is just as bad and subject (for now) to the jurisdiction of the ECJ/Commission. It's clear that mass surveillance doesn't stand up to European (EU and ECHR) human rights/data protection standards.

    1. Anonymous Coward
      Anonymous Coward

      "the UK is just as bad and subject (for now) to the jurisdiction of the ECJ/Commission"

      Perhaps this is why the government is deliberately making such a pig's breakfast of the Brexit process, going far further than any mandate given by the question that was put to the people, yet claiming it's "the will of the people". [It must be deliberate decision to do it this badly, no-one could do this much by mistake]

      1. James 51

        It is May's long standing personal ambition to get the UK out of the ECJ and ECHR so she can completely ignore human rights. She had no problems with handing people over to other countries to be tortured and would have if the courts hadn't stopped her. Brexit is the chance of the powerful to fundamentally undermine democracy and the powerful aren't letting it go to waste. Just look at laws like imprisoning journalists who print inconvenient truths.

    2. Anonymous Coward
      Anonymous Coward

      Probably many of the issues which are being kept secret relate to matters raised by the Snowden disclosures. They were enough to blow-up the safe-harbour with the US

      In my opinion, the actual problems of Safe Harbour were known for well over a decade but were only addressed when it became politically untenable to maintain the illusion, and that was more caused by Facebook vs Max Schrems/Europe than the Snowden revelations. Don't get me wrong, Snowden *massively* contributed to the current EU stance by offering evidence that allowed the EU to stop the usual US blackmail regarding trade agreements, but what ended Safe Harbour was law, not politics.

      This is why I also expect Privacy Shield to falter when it is reviewed in July: it is again a political solution, a "we won't hurt each other" agreement to maintain US-EU trade, but the legal underpinning to protect the privacy of EU citizen data in the US has not been established, and I don't see that change, certainly not with Trump in charge. Trump's idea of negotiating is somewhat too binary for this to be addressed, and I have as yet not seen anyone in his team being able to moderate him in any way, shape or form. "Sad" indeed.

      1. Len

        Agreed. Safe Harbour was found not compatible with the EU Charter of Fundamental Rights by the courts. I fully expect Privacy Shield to be found incompatible as well. I think most people here on the European side know that as well (I don't know about people across the pond) but they also pragmatically realised that it was better than having Safe Harbour lapse without an alternative in place. Privacy Shield has effectively bought foreign companies time to get compliant with EU law before the courts strike it down.

  5. James 51
    Big Brother

    Did anyone else keep reading it as GDR?

  6. John Smith 19 Gold badge
    Unhappy

    So the UK DP laws remain someof the worst implementations of EU directives in Europe.

    To the point where the flaws are so serious it is deemed even talking about them in public will FUBAR the UK/EU relationship

    And has been so for close to 2 decades at least.

    Given that a lot of the UK's economy is based on "intangibles" IE financial services it's not looking like a lot of that will stay in London post Brexit.

    Will the UK have to join so many of it's former colonies and protectorates as a tax haven for peoples wealth?

    1. John Brown (no body) Silver badge

      Re: So the UK DP laws remain someof the worst implementations of EU directives in Europe.

      Yes, it's odd isn't it. SO many "little" Directives that directly affect people in their day-to-day lives are enacted in their most extreme forms, far more vigoursly than in many other EU states, the southern ones in particular, yet the more important ones, which affects the operation of government, seem to be enacted with so many flaws and caveats to make them almost unworkable and, as per the article, effectively unlawful in terms of the EU. You'd almost think there has been a multi-decade campaign running in the shadows of government to get the UK out of the EU one way or another.

    2. Version 1.0 Silver badge

      Re: "intangibles"

      Given the current direction of "negotiations" and May's Trump-like approach to Remainers, I can't see any possibility of the UK retaining any kind of data-sharing agreement with the EU post Brexit. This will force most of London's businesses to either move to Europe or work through an intermediary outside the UK (Ireland anyone?).

  7. cantankerous swineherd

    "Indeed, someone who said he was “close to

    GCHQ/MI6” took me to one side at this

    month’s ICO conference."

    sounds like Walter Mitty. who was it?

  8. EnviableOne

    Five Eyes, Echelon and DRIPA

    The remaining problems are probably around the overreaching co-operation between CAN/USA/NZL/AUS/GBR using each other to spy on their own citizens and how the Prism/Echelon system has worked, allong with the lack of oversight and appeal in acts ike RIPA DRIPA and DEA.

  9. Roger Mew

    I have tried to obtain information about Dacorum councils complaints about highway speed bumps and basically have been told to go away as it would cost too much to find out. I now have to take them to court to get my vehicle repaired. I recovered one of the lumps that hit my vehicle, incorrect fixings, incorrect substrata, Ie not concrete but tarmac, and insufficient fixings, 2 not 4.and knowing there was problems did nothing. So now, county court. as the FOI was just rejected. FOI, lies and blocking and a waste of time.

    1. Britt Johnston

      FOI requests are not the best way to get road repairs

      Some kind of active discussion would lead to more efficient resolution, I'd suggest.

  10. Anonymous Coward
    Anonymous Coward

    Funny

    I evaluated the UK implementation of the Directive perhaps ten years ago as mine was, at the time, a UK company.

    I found it to be such a joke that we decided that, as the data was held in servers in France, we would apply French law, which at least does give individuals real rights.

    I have no idea why the UK came up with such a horrible implementation. If their intention was to be "business friendly" (at the expense of screwing consumers, of course), that has backfired spectacularly. We, as a business, have every possible interest in consumers having clear and effective rights, otherwise we haven't the faintest where we stand and it's all headaches in the long run.

    Not long after this we decided to close the UK side of the business. Turned out to be a much more sound decision than we expected.

  11. veti Silver badge

    Who are you?

    If you're going to publish an article with extensive use of the first person singular pronoun -

    Is it really asking too much for your own name, rather than that of a company, to be attached to said article?

    Doesn't have to be your real name, you can use a pen name if you're shy. But "Amberhawk Training" doesn't sound like anyone I'm likely to meet in a pub.

  12. Derichleau

    Section 13 of the DPA

    While there is no ability for a data subject to challenge the Information Commissioner’s failure to enforce the DPA against a data controller, the recent Court of Appeal ruling that disapplied Section 13(2), means that individuals can now seek compensation in the small claims court.

    So I took Halfords to court in February for failing to comply with my data protection rights. Halford's lawyer subjectively argued the merits of the DPA in court and won the case. That cost me £50. I've now submitted a complaint to the ICO that Halfords argued their own unfounded interpretation of the DPA in court and the ICO will uphold my complaint. I'll then file a new claim against Halfords for £750. If they want to go to court to defend it a second time, having been advised by the ICO, then I'd expect the ICO to threaten them with prosecution. However, I'll just keep repeating the process until the ICO prosecutes Halfords. At this point they might agree to settle my claim.

    The ICO once threatened my bank with prosecution when they refused to accept the ICO's definition of direct marketing.

  13. B*s*

    Government are recording all kinds of data, such as the fact that innocent people have been victims of crime.

    They then link your name to the criminals file as an alias once it is identified they have used your name and date of birth.

    At this stage the victim is treated with suspicion and prejudgement, DBS suggest this is because you could be avoiding the checking g system. But they denied that they can be held accountable due to acting in accordance with the law.

    The police suggest they need to record in this manner for the purpose of prevent and detect. They record markers to alert users details have been used.

    ICO suggest the law does not require them to carry out assessments, regardless of section 42 request.

    Home office suggest that police are responsible.

    1975 exemptions orders have been judged as ultra virus.

    But police act part V section 113a says that secretary of state for the home dept will disclose all "prescribed details" if a name and date of birth is recorded.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like