The future of UK data protection regulation

The UK Data Protection Act, 1998 has been in force for nearly 5 years, and is based on a European Directive that was initially proposed 15 years ago. In that time, both the technological environment and commercial business models have changed out of all recognition, notably in the areas of electronic commerce and mobile communications, leading to questions about the Act's continuing viability as the basis for an appropriate regulatory model for data protection in the Information Society. This paper examines why data protection regulation in the UK may have a rough ride ahead, and considers possible options for the future.