Most EU states not following data-protection rules
BRUSSELS -- The European Commission is proceeding with infringement proceedings against nine member states of the European Union for failing to comply with the data-protection directive that took effect last October, the Commission announced today.
The Commission has given France, Luxembourg, the Netherlands, Germany, the U.K., Ireland, Denmark, Spain and Austria two months to comply with the directive. Failure to meet this deadline will prompt the Commission to proceed with the final stage of EU infringement proceedings involving a complaint to the Luxembourg-based Court of Justice.
Condemnation by the Court of Justice can lead to the imposition of fines.
The data-protection directive took effect on Oct. 25, 1998, and establishes a common regulatory framework for data transmission that aims to ensure both a high level of privacy for the individual and the free movement of personal data within the EU. Provisions also limit the transfer of personal data to countries outside the EU that respect similar standards of data protection.
These provisions have led to more than two years of negotiations between the EU and the U.S. over whether the U.S. data-protection standards -- which depend largely on voluntary self-regulation -- meet the directive's standards. These discussions are continuing, but the fact that nine of the 15 member states have not even complied with the directive has taken much of the urgency out of these trans-Atlantic talks.
To date only Greece, Portugal, Sweden, Italy, Belgium and Finland have fully implemented the directive.