Data Protection in UK Law

Leading Cases
  • Durant v Financial Services Authority
    • Court of Appeal (Civil Division)
    • 08 December 2003

    In conformity with the 1981 Convention and the Directive, the purpose of section 7, in entitling an individual to have access to information in the form of his "personal data" is to enable him to check whether the data controller's processing of it unlawfully infringes his privacy and, if so, to take such steps as the Act provides, for example in sections 10 to 14, to protect it.

    It follows from what I have said that not all information retrieved from a computer search against an individual's name or unique identifier is personal data within the Act.

  • Rugby Football Union v Consolidated Information Services Ltd
    • Supreme Court
    • 21 November 2012

    These include: (i) the strength of the possible cause of action contemplated by the applicant for the order: Norwich Pharmacal at p 199F-G per Lord Cross of Chelsea, Totalise plc v The Motley Fool Ltd [2001] EMLR 750 at first instance para 27 per Owen J, Clift v Clarke [2011] EWHC 1164 (QB) paras 14, 38 per Sharp J; (ii) the strong public interest in allowing an applicant to vindicate his legal rights: British Steel at 1175C-D per Lord Wilberforce, Norwich Pharmacal at p 182C-D per Lord Morris of Borth-y-Gest, 188E-F per Viscount Dilhorne; (iii) whether the making of the order will deter similar wrongdoing in the future: Ashworth at para 66 per Lord Woolf CJ; (iv) whether the information could be obtained from another source: Norwich Pharmacal at 199F-G per Lord Cross, Totalise plc at para 27, President of the State of Equatorial Guinea v Royal Bank of Scotland International [2006] UKPC 7 at para 16 per Lord Bingham of Cornhill; (v) whether the respondent to the application knew or ought to have known that he was facilitating arguable wrongdoing: British Steel per Lord Fraser at 1197A-B, or was himself a joint tortfeasor, X Ltd v Morgan-Grampian (Publishers) Ltd [1991] 1 AC 1, 54 per Lord Lowry; (vi) whether the order might reveal the names of innocent persons as well as wrongdoers, and if so whether such innocent persons will suffer any harm as a result: Norwich Pharmacal at 176B-C per Lord Reid; Alfred Crompton Amusement Machines Ltd v Customs and Excise Commissioners (No 2) [1974] AC 405, 434 per Lord Cross; (vii) the degree of confidentiality of the information sought: Norwich Pharmacal at 190E-F per Viscount Dilhorne; (viii) the privacy rights under article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms of the individuals whose identity is to be disclosed: Totalise plc at para 28; (ix) the rights and freedoms under the EU data protection regime of the individuals whose identity is to be disclosed: Totalise plc v The Motley Fool Ltd at paras 18–21 per Owen J; (x) the public interest in maintaining the confidentiality of journalistic sources, as recognised in section 10 of the Contempt of Court Act 1981 and article 10 ECHR: Ashworth at para 2 per Lord Slynn of Hadley.

  • Common Services Agency v Scottish Information Commissioner (Scotland)
    • House of Lords
    • 09 July 2008

    In my opinion there is no presumption in favour of the release of personal data under the general obligation that FOISA lays down. The guiding principle is the protection of the fundamental rights and freedoms of persons, and in particular their right to privacy with respect to the processing of personal data: see recital 2 of the preamble to, and article 1(1) of, the Directive.

  • Grow With Us Ltd v Green Thumb (UK) Ltd
    • Queen's Bench Division
    • 17 February 2006

    The ventilation of the Data Protection Act 1998 issues which I have considered was solely in witness statements and in the course of the trial by argument. The point taken by Mr. Coppel in paragraphs 25 and 26 of his written outline closing submissions was not taken until then. In those circumstances it is perhaps unsurprising that the franchisor had not produced its certificate of registration under the Data Protection Act 1998.

  • Alireza Ittihadieh v 511 Cheyne Gardens Rtm Company Ltd and Others
    • Court of Appeal (Civil Division)
    • 03 March 2017

    Even so, it is not an obligation to supply documents: Dunn v Durham CC [2012] EWCA Civ 1654, [2013] 2 All ER 213 at [16]. It is of critical importance to distinguish between the two. Although it may be more convenient and cheaper in some cases for a data controller to supply copy documents, there is no legal obligation to do so. This is, I think, borne out by article 12 of the Directive which requires the data controller to inform the data subject of the " categories of data concerned".

  • Dr DB v The General Medical Council
    • Queen's Bench Division
    • 23 September 2016

    It also emphasised the GMC's legitimate interest in transparency and concluded 'Failure to disclose the findings of an independent expert would most likely be a breach of the Human Rights Act in terms of obligations to protecting the health, as well as the rights and freedoms of the data subject (i.e. [P]'s).

See all results
See all results
Books & Journal Articles
    • No. 2-4, April 1994
    • Journal of Financial Regulation and Compliance
    • 350-355
    This paper considers the effectiveness of the Data Protection Act since its launch in 1984. The National Audit Office prepared a report in 1993, which was critical of the Data Protection Registrar,...
  • Data Protection and the EPPO
    • No. 10-1, March 2019
    • New Journal of European Criminal Law
    The European Public Prosecutor’s Office (the ‘EPPO’) necessarily processes personal data in order to fulfil its mission; As such, it falls squarely within the European Union (EU) data protection re...
  • Data protection warning.
    • No. 2002, May 2002
    • Financial Management (UK)
    • Institute News - Message from Chartered Institute of Management Accountants' Technical Advisory Service - Brief Article
    ...Data protection is causing concern to UK members, according to CIMA's Technical Advisory Service (TAS). One member received a letter telling him that he had to register if he was holding personal information about clients on his personal computer. On......
  • Effective Redress of Grievance in Data Protection: An Illusion?
    • No. 23-3, June 2016
    • Maastricht Journal of European and Comparative Law
    This article questions whether the current data protection legislative framework in the EU to provide effective redress of grievance for those who are affected by a breach of data protection law. I...
See all results
Law Firm Commentaries
  • BREXIT: Data Protection
    • JD Supra United Kingdom
    This Brexit Bite assesses the post-Brexit landscape with respect to the UK’s data protection laws. It is important to remember that the UK remains a member of the European Union until the terms of ...
  • UK Data Protection Bill Published
    • LexBlog United Kingdom
    In line with the EU General Data Protection Regulation (GDPR), the UK has now published a Data Protection Bill, which is intended to “make our data protection laws fit for the digital age…” The Ove...
  • UK 'must avoid data protection Brexit'
    • JD Supra United Kingdom
    According to the UK's new information commissioner, Elizabeth Denham, who was interviewed by the BBC, the UK “should adopt forthcoming EU data protection laws, despite its plan to leave the Union”....
  • UK Introduces Draft Data Protection Bill
    • JD Supra United Kingdom
    A few days ago the UK’s Department for Digital, Culture, Media & Sport introduced the Data Protection Bill 2017 (“the Bill”). Once adopted by the legislature, the Bill will replace the Data Protect...
See all results
See all results

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT