Richard Thomas, the former UK Information Commissioner predicted that the European Commission will issue a regulation rather than a directive as part of the overhaul of the EU data protection directive. Under EU law a regulation has immediate legal effect whereas a directive requires the EU member states to enact implementing legislation. The issuance of a regulation would finally harmonise data protection law across the EU member states. In addition Richard Thomas predicted that the issuance of a regulation would result in a standardised registration process for data controllers across the EU. Richard Thomas made his predictions at the 10th Annual Data Protection Compliance Conference which took place last week in London.
At the same conference the current Information Commissioner, Christopher Graham, complained about not having statutory powers to carry out audits in sectors that receive the most complaints and which cause him the most concern. Commissioner Graham’s complaint stems from the fact that under the UK Data Protection Act 1998 he must seek permission from organisations before being able to carry out an audit of their data protection practices. Commissioner Graham is seeking to extend his powers under the Coroners and Justice Act 2009 so that he can target those sectors most complained about which include car insurance companies and banking and building societies.