The European Commission has referred the UK to the European Court of Justice for failing to protect consumers from the online interception of personal data.
Last week’s referral follows a series of complaints about UK privacy laws. Last year, the commission warned that the Regulation of Investigatory Powers Act (RIPA) and the Data Protection Act do not fully implement the ePrivacy Directive and the Data Protection Directive Privacy.
Tom Morrison, partner, Rollits LLP, says the legislation does not just apply to covert surveillance of the “James Bond type”; but is relevant to “potentially benign activities” such as the monitoring of telephone conversations on telephone helplines.
“The commission feels that the UK’s regulatory regime in this area is deficient in a number of respects, including in relation to the lack of powers of an independent regulator such as the Information Commissioner’s Office (ICO), deficiencies in the legislation surrounding the circumstances in which consent to interception can be implied and an incorrect requirement for interception to have to be intentional before sanctions can be applied.”
Morrison adds that the latest communication from the commission will strengthen the ICO’s case for gaining greater powers in a field of regulation which would sit quite comfortably alongside its existing data protection remit.
