Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

EU countries slow to implement the Data Protection Directive [1998] PLBIRp 32; (1998) 46 Privacy Laws and Business International Report 3

EU countries slow to implement the Directive

ONLY FOUR COUNTRIES made the deadline of 24th October to introduce new legislation to implement the EU Data Protection Directive. The delay may be welcomed by the United States, but the European Commission may take infringement measures.

Italy (PL&B May ‘98 p.8), Greece

(PL&B May ‘98 p.6), Sweden (pp. 7-

8) and Portugal (to be featured in the next issue) are the four countries which met the implementation dead- line of 24th October 1998. The new laws are already in force in these countries. The UK, of course, has adopted a new law, but this will not be in force until the secondary legislation has been adopted. This is unlikely to happen until early 1999. Some member states have not even introduced bills into their respective parliaments.

GERMAN DELAY DUE TO ELECTION

In Germany, there has been an addi- tional delay due to recently held elections and a new Government. The new coalition Government of the Green Party and the Social Democrats are currently preparing a draft bill. It may be several months before Germany has a new Federal Data Protection Act.

Meanwhile the Lä nder have started preparing their state laws. Hessen was the first Bundesland to implement the directive. The amend- ments to the existing state law, adopted on 28th October, are now in force despite the fact that the existing federal law has yet to be amended.

The federal law will apply to different sectors. The revised Hessen law applies to the state’s public sector agencies; however, provisions for the private sector will be determined by the new federal law.

ROUNDUP OF PROGRESS TOWARDS LEGISLATION

The situation in mid-November was as follows:

1. In Finland, the bill for a new data protection law was submitted to Parliament in September. It has now progressed to the committee stage. The Finnish Parliament aims to have the law adopted by the end of December, and to enter it into force by the beginning of 1999.

2. Belgium is close to adopting a law. The House of Representatives approved the bill in early November and as of mid-November, the Bill was awaiting approval from the Senate. If the Senate requires further changes, there will be another 6 weeks delay. The law could be adopted by the end of November, although the need for statutory instruments to be drafted after the adoption of the law, means that the new law will not be in force for at least another 3-4 months.

3. In Denmark, a bill was published at the beginning of October, and had its first reading in Parliament on 20th October. The bill has now been passed to the legal committee. It is unlikely that the bill will pass through Parliament this year.

4. In the Netherlands, although a draft bill was presented to the Second Chamber in February, because of elections, there has been a delay in adopting a new law.

5. In July, the Spanish Government adopted a bill which is currently being reviewed in Parliament.

6. Austria was still finalising its bill at the end of October.

7. Ireland is still in the process of drafting a new bill which, at mid-November, was expected to be published soon.

8. In France the bill has yet to be drafted by the Government.

9. Luxembourg is still waiting to present a bill to Parliament.

EU MAY TAKE INFRINGEMENT MEASURES

It is not uncommon for member mtates to be late in implementing EU directives. The European Commission has the option to begin infringement procedures against those member states which have sub- stantially missed the deadline of October 24th for transposing the Directive. The first measure taken would be a formal notice letter. The next step would involve member states being taken to the European Court of Justice for not implementing the directive on time.

Data controllers in member states without new laws must remember that individuals can take their cases to national courts if they suffer damage as a direct result of the directive not being implemented on time. Data controllers are also obliged to inter- pret their existing laws in the light of the directive, even if it has not yet been implemented.