Richard Thomas, the Information Commissioner, claimed in a privacy conference in Cambridge on 8 July 2008 that Europe's data protection laws are "no longer fit for purpose". He described them as being increasingly seen as out of date, bureaucratic and excessively prescriptive. He accused the legislation of showing its age and failing to meet new challenges to privacy, particularly in regard to the transfer of personal details across international borders and the huge growth in personal information online.

He also revealed that his office has commissioned a research organisation Rand Europe to carry out a study of the strengths and weaknesses of the law which will be fed into a review being undertaken by the European Commission. This move comes as critics said that the prescriptive nature of privacy laws could unintentionally harm key areas of medical research for example or failing to provide sufficient protection for consumers in other areas.

This was followed by the annual report of the Information Commissioner’s Office on 15 July 2008, in which Mr Thomas criticised the excess of personal data stored “without debate or justification.” He particularly criticised Government plans for increased access to the telephone and internet records of millions of British citizens, describing the plans in a national newspaper as being liable to turn “the entire population into potential suspects.” He emphasised the need for a fully transparent process and full public debate before the legislation was laid before Parliament. He noted that the increase of surveillance of citizens went far beyond notions of Data Privacy and touched on the relationship between the citizen and Government. He also signalled his intention to use new provisions of the Criminal Justice and Immigration Act 2008 to punish companies and Government departments which failed to properly handle personal data.

Mr Thomas's comments will be seen as unhelpful by the Government who have recently bolstered the existing data protection laws in the UK. However, his comments reflect the concerns of a British business community, who are increasingly perplexed by the multiplicity of myths, rules and regulations in relation to this area, and concerns about balancing the need for respect for the personal data of individuals with the ever increasing need for effective and fast flow of information in the digital age. It also signals the vital role of the Information Commissioner in protecting the data of millions of people, and ensuring that those who mishandle it, from the heights of Government to the city, are aware of the consequences of a failure to protect it.