Just a brief note on my pet obsession; should data controllers and data subjects in the UK know why the European Commission claims that the Data Protection Act 1998 is a defective implementation of Directive 95/46/EC? The good news is that I have obtained a Decision Notice that requires some of the full details to be provided to me; the bad news is that the Government has 35 days to appeal.
I should explain why I think the Government are treating this subject as if I had asked for some state secret which makes one vulnerable to extraordinary rendition. The main exemption used is section 27 (prejudice to international relations) which on the face of it appears laughable; I don’t think anything about data protection will cause any international rumpus or the withdrawal of ambassadors. But this is what is being argued – so why?
Underpinning the requested information is a threat of infraction proceedings against the UK; these have been pending since Durant (another obsession!) in 2003. I have had to argue that the threat of infraction proceedings is very limited (after 9 years of inaction by the Commission, they are hardly going to embark on legal proceedings given the Regulation); but it is this threat of infraction that explains why the UK/Commission FOI shutters are firmly closed.
Infraction proceedings are considered when any Member State has not implemented a Directive (i.e. any Directive of which there is a great number). Thanks to the case of Petrie (Case T-191/99 Petrie and Others v Commission  ECR II-3677), a case determined by the European Court of Justice over a decade ago, details of infraction proceedings are not published because of confidentiality concerns and the risk to legal proceedings.
This has resulted in very little information being released. For instance, Guardian Journalist, Rob Edwards, tried to get some very limited details about infractions but anything substantial was rebutted on Petrie grounds (see Decision 196/2007 Mr Rob Edwards and the Scottish Ministers).
The Petrie decision is used by the European Commission to justify not providing details about any infraction proceeding; in many instances Member States are also not keen for these details to be published. The result is a hermetically sealed system where nothing about infraction proceedings is published and what is given out is done so grudgingly – even to national Parliaments. The only relaxation is when the Commission or Member State decides it is in their interest to provide details. And this is about ANY DIRECTIVE.
So do you think the public or national Parliaments should know why infraction proceedings are occurring? The European Ombudsman thinks so; that is why he supported my case to extract a very minimal information from the European Commission. This took four years, believe it or not (see references)! If it wasn’t for the Ombudsman, there would be nothing.
However, like a hole in a dam, the breach is widening. My FOI request is now a significant chink the Petrie position. For the first time, there is a prospect of significant details of the information underpinning infraction proceedings being published in the absence of any approval or agreement from the Commission and European Government.
This argument can be applied to any Directive. That is why the “obsessive” battle is important; it also explains why I am expecting an Appeal.
The Decision Notice:Download FS50411133_for blog May 2012
If you want summary details of why the European Commission thinks the UK Act is defective see:
http://amberhawk.typepad.com/amberhawk/2011/02/european-commission-explains-why-uks-data-protection-act-is-deficient.html (Commission’s view; this took 4 years)
http://amberhawk.typepad.com/amberhawk/2011/05/privacy-new-government-revelations-amplify-concerns-surrounding-deficiencies-in-uks-data-protection-.html (UK summary of the Commission’s view – more substantial; released because the Commission released details)
The following reference relates to the reply that the Government has made to the Commission (this information is still “top secret”): http://amberhawk.typepad.com/amberhawk/2011/10/what-is-wrong-with-the-data-protection-act-foi-infraction-saga-hits-the-buffers.html