The core principles are hidden away in schedules, which themselves need to be interpreted in accordance with further schedules. The terminology, such as "data controllers" and "data processors", is manifestly unintuitive. And powers of deduction that Sherlock Holmes would be proud of are often required to determine when and how certain exceptions to the Act may apply.
No wonder that the Act is often misunderstood.
Customer service departments claim it prevents them giving you information relating to your own account. Schools claim it prevents parents taking photographs of their children at sports day. Sometimes the police have even claimed that it prevents them storing evidence.
But that is not to say that the Act can be ignored.
The Information Commissioner's Office (the ICO), the body charged with enforcing the Act, can issue fines of up to £500,000 for serious breaches. Embarrassingly the recipients of such fines include the Ministry of Justice, which was fined £140,000 last year for inadvertently disclosing a file with the details of over 1,000 inmates at a prison in Cardiff.
Yesterday Google, Inc learned that it will have to defend a claim for compensation for breach of the Act. This relates to the much-publicised US allegations that Google bypassed privacy settings on the Apple internet browser Safari, allowing third-party cookies to be installed on users' devices without consent.
And last month the ICO issued Guidance for app developers on how to comply with the Act when developing a mobile app.
It's not just about avoiding financial penalties. Apps that respect privacy are more likely to engender consumer confidence and less likely to create bad press. Privacy matters - but it also makes good business sense.