The Information Commissioner's Office have consistently failed to enforce these two important pieces of legislation, bringing the law into considerable disrepute.
The ICO blames its inaction on under resourcing, lack of enforcement powers, and lack of competence in IT.
Further, the European Union Agency for Fundamental Rights considered that the ICO lack adequate independence. The EUFRA notes a widespread disregard in the UK for the basic duty to register prior to data processing operations.
Examples of recent offences that have gone unpunished include the BT/Phorm affair (wherein the ICO took no action despite the abuse of private and confidential communications of 200,000 people and the organisations that served them), illegal covert nationwide harvesting of personal communication data using Google Streetview cars, and the T-Mobile personal data trading scandal (described by the Information Commissioner as the biggest of its kind).
If offences on this scale do not merit enforcement by the ICO, what is the point of the DPA/PECR laws?
Repealing the DPA and PECR would
- Relieve honest businesses of the cost and obligation of DPA registration
- Release staff into the local labour pool to perform productive work instead
- Vacate office space in Wilmslow for new and exciting small businesses
- Encourage UK citizens to take responsibility for their own privacy and protection
- Encourage responsible businesses to use strong encryption for all telecommunications
- Remove an unnecessary parasitic quango from Government
But above all, it would have no tangible effect on front line services at all.