Saturday 25 January 2014

The Fundamental Rights Agency sets on a collision course with EU Member States

On Monday, the Fundamental Rights Agency will publish a (59 page) report on access to data protection remedies in EU Member States. The Ministry of Justice is likely to take its allocation of the reports and stuff them straight into the ICO’s furnace.


The report, based on interviews with some 350 relatively knowledgeable individuals, examines the nature of data protection violations and highlights the obstacles that victims face as they seek redress. Only a few European citizens are aware of their data protection rights, and there is a lack of legal expertise in the field. Those who do make complaints inevitably use their national data protection authorities, but these often suffer from a lack of resources and powers.

The FRA’s conclusions and recommendations are predictable:

First, the EU should harmonise data protection rules across EU Member States, and increase the sanction powers that should be made to national regulators. And, these regulators should be independent from external control both for allocating and spending funds and recruiting personnel: “Such independence is particularly important since data protection authorities also have to address data protection violations by the state. Moreover, they must be equipped with proper procedures, sufficient powers and adequate resources, including qualified professionals to make use of these procedures and powers.”

Second, the EU should increase funding for civil society organisations and other bodies in the third sector to help victims who seek redress, including collective redress where appropriate.

Next, Member states should sponsor public awareness campaigns to encourage people to take more interest in asserting their rights, and provide better training to judges and lawyers to underline the importance of these rights.

Finally, Data Protection Authorities: “Should focus awareness of their existence and role, cultivating their public profile as independent guardians of the fundamental right to date protection. They should seek closer cooperation with other guardians of fundamental rights such as equality bodies, human rights institutions and civil society organisations.”

The FRA's solution is relatively simple. Spend more public resources and ensure people take a more active interest in asserting their rights.

But, there remains a big problem. Member states won't allocate sufficient public money available to address these recommendations. In a number of respects, some supervisory authorities (and the Governments of some Member States) don't agree with the proposed solutions, anyway. 

In the UK, for example, the ICO is planning to reduce the resources that are allocated to investigate complaints that don’t inform and are not aligned with the ICO’s strategic priorities. (Which means not dealing with an lot of petty complaints)  Whether this is a decision that is been willingly taken by the ICO, or in response to a funding squeeze imposed by the Government, is not an issue for this blog.  But other data protection authorities have already taken, and move are considering, this approach, given the realities of their own funding positions. European data protection authorities are increasingly having to be selective to be effective.

So a report like this, emerging from a Vienna-based organisation that I must confess I had never heard of before, (despite it already being 7 years old), is very unlikely to be welcomed with open arms by those who will have to meet the implementation costs.  No, the report does not contain a compliance cost assessment, but then again, when it comes to protecting fundamental human rights, who does care about the associated price tag?

Perhaps I should offer a prize to the first person who spots a reference to the report in the Parliamentary journal, Hansard. It could be some time before British Parliamentarians formally note that the report urges a higher level of public spending to ensure adequate data protection remedies.

Perhaps I should also offer a prize to the first person who sends me a selfie of themselves wearing one of the FRA's great  baseball caps, which were freely available from the FRA's stall at the recent CPDP conference in Brussels. They are great caps, and I have every intention of wearing mine regularly.


ISBN 978-92-9239-309-0