UK's data protection regulator is ineffective, says research

Apr 11, 2013
UK's data protection regulator is ineffective, says research

The regulator charged with overseeing data protection in the UK has been and will continue to be ineffective unless the government takes action, according to research by an academic at the University of East Anglia.

In a paper to be presented today, Dr Karen Mc Cullagh traces the development of the , currently the Information Commissioner's Office (ICO), since its inception almost 30 years ago, when a Conservative government enacted legislation establishing an independent regulator tasked with administering data protection law in the UK.

There has been little research evaluating the effectiveness of the regulator since its inception. Dr Mc Cullagh's study aims to address this by examining its development through four distinct phases, in order to assess the adequacy and effectiveness of the regulator to date, and predict its future potential.

Dr Mc Cullagh, from UEA's Law School, looked at: the period 1984-1998, when the Data Protection Registrar was first created and derived its powers from the Data Protection Act 1984; 1998-2010 when the Data Protection Registrar transformed into the (ICO) and gained enhanced powers under the Data Protection Act 1998; 2010 to the present, since the level of financial penalty the regulator could impose for serious breaches of the legislation was increased through the enactment of the Criminal Justice and Immigration Act 2008; and finally, the changes in proposed EU data protection regulation, which are tentatively scheduled to come into force in 2014.

"My analysis of the regulator's investigative and enforcement powers demonstrates that they have been, and continue to be, lamentably weak and ineffective," said Dr Mc Cullagh. "Despite the much-lauded enhanced powers for regulators in the proposed EU data protection regulation, there is a real risk that the ICO will remain an ineffective regulator in the future if the UK government does not take measures to create an adequately funded and properly staffed regulatory office, with appropriate investigative and enforcement powers."

Dr Mc Cullagh's analysis reveals that socio-economic, technical and political factors influenced the legislative process in each of the four eras of data protection. She shows that these factors influenced the independence of the regulator and the powers conferred on it, resulting in structural and operational weaknesses that impede its effectiveness.

"If the proposed EU regulation is implemented in its current form, the ICO will face a budgetary shortfall of £42.8m – an issue the UK government has yet to address, even though it will seriously impede the effectiveness of the regulator," added Dr Mc Cullagh.

Dr Mc Cullagh will present her research, entitled "Data Protection: regulatory (in)adequacy?", at the 28th annual British and Irish Law, Education and Technology Association (BILETA) conference, taking place at the Liverpool Law School, University of Liverpool, this week.

Explore further: Fitbit to Schumer: We don't sell personal data

More information: www.bileta.ac.uk/Annual%20Conference/

add to favorites email to friend print save as pdf

Related Stories

Sony fined in UK over PlayStation cyberattack (Update)

Jan 24, 2013

British regulators have fined Sony 250,000 pounds ($396,100) for failing to prevent a 2011 cyberattack on its PlayStation Network which put millions of users' personal information—including names, addresses, ...

Data violations unpunished in EU: rights agency

May 07, 2010

Data protection in many European countries suffers from a lack of funds, staff, independence and most importantly, a lack of sanctions for violators, the EU's rights agency reported Friday.

French regulator warns of Google privacy policy

Feb 28, 2012

Google's new privacy policy appears to violate the European Union's data protection rules, France's regulator said Tuesday, just two days before the new guidelines are set to come into force.

Europe to move against Google over privacy rules

Feb 18, 2013

European data protection agencies intend to take action against the US Internet giant Google after it failed to follow their orders to comply with EU privacy laws, a French agency said on Monday.

EU data protection reform to replace national laws

Nov 28, 2011

The European Union wants to replace a mishmash of national laws on data protection with one bloc-wide reform, updating laws put in place long before Facebook and other social networking sites even existed.

Recommended for you

Fitbit to Schumer: We don't sell personal data

12 hours ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

16 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

18 hours ago

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

18 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

Aug 21, 2014

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

Music site SoundCloud to start paying artists

Aug 21, 2014

SoundCloud said Thursday that it will start paying artists and record companies whose music is played on the popular streaming site, a move that will bring it in line with competitors such as YouTube and Spotify.

User comments : 0