Companies and organisations face the prospect of random spot checks and more compensation claims after Europe called for the UK’s data protection watchdog to be given greater powers.
As of April this year, the Information Commissioner’s Office (ICO), has been able to impose fines of up to £500,000 for serious breaches of data protection.
However, experts at leading North law firm Ward Hadaway have warned that those powers could be extended still further.
Judy Baker, partner and head of data protection at Ward Hadaway, says that the European Commission has asked the Government to strengthen the ICO’s powers, allowing it to carry out random spot checks and giving individuals greater rights to pursue compensation for ‘moral’ damage when their personal data is used inappropriately.
Judy explained: “This request has come in the form of what is known as a Reasoned Opinion from the European Commission, and is the latest stage in the EC’s ongoing infringement procedures against the UK.
The EC has cited the following limitations as needing to be remedied:
• The ICO can neither perform random checks on people/organisations using or processing personal data, nor enforce penalties following the checks.
• The right to compensation for moral damage when personal information is used inappropriately is restricted. Currently compensation can only be claimed where there has been some form of financial loss; compensation for distress alone is available only in very narrow circumstances.
• The UK courts can refuse the right to have personal data rectified or erased.
• The ICO cannot monitor whether third countries’ data protection is adequate.
The EC says these assessments should come before international transfers of personal information. Currently, the ICO does not pre-approve exports of personal data to countries outside the European Economic Area; compliance is left to organisations to determine themselves.
Ward Hadaway advises a range of organisations in the private and public sectors on data protection issues and on ways they can minimise the danger of breaches.
Judy said: “If these changes are implemented as the EC intends, organisations will be more vulnerable to actions by either the ICO, individuals or both. Organisations really need to address the issue as a matter of urgency.”
