The Directive itself orders that the
Commission produce reports on the workings of the legislation. The
first of those, in 2003, reported that work had to be done in order
to ensure that the Directive was working. The Commission has just
reported on the progress of the work programme contained in that
report.
"The Commission considers that the Data
Protection Directive constitutes a general legal framework which
fulfils its original objectives by constituting a sufficient
guarantee for the functioning of the internal market while ensuring
a high level of protection," said the report. "It gives shape to
the fundamental right to protection of personal data; respect of
its rules should ensure trust of the individuals on the way their
information is used, a key condition for the development of the
e-economy; it sets a benchmark for initiatives in a number of
policy areas; it is technologically neutral and continues to
provides solid and appropriate responses to these
issues."
"Therefore, the Commission does not envisage
submitting any legislative proposal to amend the Directive," said
the report.
The report said that the Directive, which was
groundbreaking when passed, has been a success. "It protects
individuals against general surveillance or undue discrimination on
the basis of the information others hold on them," it said. "The
trust of consumers that personal details they provide in their
transactions will not be misused is a condition for the development
of e-commerce. Business operate and administrations cooperate
throughout the Community without fearing that their international
activities be disrupted because personal data they need to exchange
are not protected at the origin or the destination."
The Commission reported that every European
member state has now transposed the Directive into national law,
but that some countries have not implemented it properly.
"Some member states have failed to incorporate
a number of important provisions of the Directive. In other cases,
transposition or practice has not been conducted in line with the
Directive or has fallen outside the margin of manoeuvre left to
member states," it said.
"One concern is respect for the requirement
that data protection supervisory authorities act in complete
independence and are endowed with sufficient powers and resources
to exercise their tasks. These authorities are key building blocks
in the system of protection conceived by the Directive, and any
failure to ensure their independence and powers has a wide-ranging
negative impact on the enforcement of the data protection
legislation."
The Commission said that it would conduct a
survey of countries' implementations and take action against
countries which refuse to bring their law into line with the
Directive.
"Some member states have acknowledged the
existence of their legislative shortcomings and have committed
themselves to introducing the necessary corrections, something the
Commission strongly encourages," said the Commission's report.
"Other problematic issues have been raised in complaints by
citizens. Where a breach of Community Law remains, the Commission,
as guardian of the Treaties, will open formal infringement
procedures against the Member States concerned, in accordance with
Article 226 EC. A number of such proceedings have already been
opened."
