Accountability and the UK Data Protection Authority: From Cause for Data Subject Complaint to a Model for Europe?
11 Pages Posted: 12 Feb 2020 Last revised: 20 Aug 2020
Date Written: January 17, 2020
Abstract
European data protection has long emphasized the role of the Data Protection Authority (DPA) in ensuring relief for data subjects. However, taking the UK case an example, this article demonstrates that authorities can often adopt a highly discretionary and selective approach to data subject complaints. Although such a stance may appear justified by both the myriad types of potentially impactful processing and often generally poor compliance, it is precisely this environment makes a reasonably comprehensive approach regulatory important. However, whilst both the General Data Protection Regulation and increasingly Court of Justice jurisprudence specify important procedural and substantive duties for DPAs as regards complaints, a severe practical accountability gap may remain. It is argued that, notwithstanding disappointing case law to date, the UK’s recent empowerment of its accessible tribunal system to order the DPA to progress complaints could if robustly and broadly interpreted provide a valuable model of European DPA accountability going forward even after Brexit.
Keywords: data protection, judicial review, redress mechanisms, regulation, monetary penalties, privacy, tribunals
Suggested Citation: Suggested Citation