The data protection act needs to be modernised to meet the technological challenges of the 21st century, according to the UK's privacy wartchdog.
The original law – an implementation of European legislation – is 10 years old this month.
European data protection law is increasingly seen as out of date, bureaucratic and excessively prescriptive, according to information commissioner Richard Thomas.
"It is showing its age and is failing to meet new challenges to privacy, such as the transfer of personal details across international borders and the huge growth in personal information online," he said. "It is high time the law is reviewed and updated for the modern world."
The information commissioner has assigned think tank RAND Europe to carry out a comprehensive assessment of the strengths and weaknesses of European Data Protection law with a view to finding avenues for reform.
RAND Europe won the ICO’s tender to carry out this comprehensive analysis against 19 other bids.
The study will be published in spring 2009.
The European Commission has also commissioned research into the adequacy of Data Protection regulations.