Striving for efficient and accessible protection against data protection violation

January 28, 2014 by Emma Rayner, University of Nottingham
Striving for efficient and accessible protection against data protection violation

Obstacles to accessing data protection remedies have been revealed, thanks to new research conducted by The University of Nottingham's Human Rights Law Centre (HRLC).

This research contributes to the findings of a new European Union report that considers the actual experiences of victims and those dealing with violations to identify areas for improvement.

A new European Union Report on Access to Data Protection Remedies by the EU Fundamental Rights Agency (FRA), published on the eve of EU Data Protection Day (28 January 2014), reveals serious flaws in procedures to address data protection violations.

Tackling personal data violations

The report gives an overview of the current legal framework and procedures that people can currently use to redress violations. And it recommends new initiatives to improve individuals' access to data protection remedies in EU member states.

Data protection law exists to controls how people's personal information is used by organisations, businesses or the government. The University of Nottingham research—investigating the situation in the UK—suggests that most data protection violations arise from internet-based activities, direct marketing, financial violations such as credit card fraud and video surveillance.

The majority of problems encountered related to the processing of personal data, such as the unjustified transfer of personal data to third parties, improper and excessive collection and storage, storage or inaccurate information and unlawful disclosure. Other violations were connected to the rights of the data subject to access their personal data including refusal to access or to correct .

The desk and fieldwork research by HRLC examined the existing procedures and the legal consequences concerning data protection violations in the UK. Professor David Harris, HRLC Co-Director and Professor Emeritus, said:

"More and more information is being stored about individuals both by government and privately. This project revealed the great harm that the recording of inaccurate information can cause individuals and the need for them to have accessible and effective remedies when this happens."

Victims 'not motivated' by money

The interviews conducted by HRLC identified the following key findings from the perspective of access to data protection remedies in the UK:

  • Victims are less likely to pursue their case in the courts as it is often time consuming, costly and difficult to provide evidence of a data protection violation; instead, most victims complain to the Information Commissioner's Office (the national data protection authority);
  • When seeking redress victims of data protection violations are not motivated by financial gain but rather wish to prevent the recurrence of similar data protection violations in the future due to their experiences of psychological and social distress;
  • There is a lack of legal expertise in the area of data protection and a lack of resources allocated to organisations who do specialise in the area of data protection;
  • The civil society organisations are crucial to the individual by providing advice, legal assistance and representation, as well as playing a part in publicising and raising awareness around data protection issues.

The findings are also consistent with the overall conclusions of the FRA report that explain why the available redress mechanisms are not widely used by capturing the experiences and views of key stakeholders involved in the enforcement and use of redress mechanisms. This includes the national data protection authority, leading legal practitioners on data protection, consumer protection organisations, governmental departments and other non-governmental organisations.

The report recommends the following initiatives to improve individual's access to data protection remedies in EU Member States:

  • Raising public awareness of complaint mechanisms, including the existence and role of national data protection authorities;
  • Strengthening the independence and resources of data protection authorities;
  • Data protection training for legal professionals so they can offer more informed advice.

Explore further: Spain watchdog fines Google for privacy 'violations' (Update)

More information: Read the full report: … ies-eu-member-states

Related Stories

Data violations unpunished in EU: rights agency

May 7, 2010

Data protection in many European countries suffers from a lack of funds, staff, independence and most importantly, a lack of sanctions for violators, the EU's rights agency reported Friday.

EU lays down steps US must take to protect data

November 27, 2013

The EU on Wednesday laid down steps Washington must take to restore trust after a huge spying scandal, including giving EU citizens the right to US legal redress to protect personal data.

'Surveillance minimization' needed to restore trust

January 22, 2014

Surveillance minimisation - where surveillance is the exception, not the rule - could help rebuild public trust following revelations about the collection of personal data, according to a law academic from the University ...

Germany fines Google for privacy violations

April 22, 2013

German authorities said on Monday they had fined Google for illegally collecting massive amounts of personal data including emails, passwords and photos while setting up its disputed Street View service.

Recommended for you

What do you get when you cross an airplane with a submarine?

February 15, 2018

Researchers from North Carolina State University have developed the first unmanned, fixed-wing aircraft that is capable of traveling both through the air and under the water – transitioning repeatedly between sky and sea. ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.