Data Protection in UK Law

Leading Cases
  • Durant v Financial Services Authority
    • Court of Appeal
    • 08 Dic 2003

    As a matter of practicality and given the focus of the Act on ready accessibility of the information —whether from a computerised or comparably sophisticated non-computerised system —it is likely in most cases that only information that names or directly refers to him will qualify.

    It is information about his complaints and the objects of them, Barclays Bank and the FSA respectively. His claim is a misguided attempt to use the machinery of the Act as a proxy for third party discovery with a view to litigation or further investigation, an exercise, moreover, seemingly unrestricted by considerations of relevance.

  • Rugby Football Union v Consolidated Information Services Ltd
    • Supreme Court
    • 21 Nov 2012

    These include: (i) the strength of the possible cause of action contemplated by the applicant for the order: Norwich Pharmacal at p 199F-G per Lord Cross of Chelsea, Totalise plc v The Motley Fool Ltd [2001] EMLR 750 at first instance para 27 per Owen J, Clift v Clarke [2011] EWHC 1164 (QB) paras 14, 38 per Sharp J; (ii) the strong public interest in allowing an applicant to vindicate his legal rights: British Steel at 1175C-D per Lord Wilberforce, Norwich Pharmacal at p 182C-D per Lord Morris of Borth-y-Gest, 188E-F per Viscount Dilhorne; (iii) whether the making of the order will deter similar wrongdoing in the future: Ashworth at para 66 per Lord Woolf CJ; (iv) whether the information could be obtained from another source: Norwich Pharmacal at 199F-G per Lord Cross, Totalise plc at para 27, President of the State of Equatorial Guinea v Royal Bank of Scotland International [2006] UKPC 7 at para 16 per Lord Bingham of Cornhill; (v) whether the respondent to the application knew or ought to have known that he was facilitating arguable wrongdoing: British Steel per Lord Fraser at 1197A-B, or was himself a joint tortfeasor, X Ltd v Morgan-Grampian (Publishers) Ltd [1991] 1 AC 1, 54 per Lord Lowry; (vi) whether the order might reveal the names of innocent persons as well as wrongdoers, and if so whether such innocent persons will suffer any harm as a result: Norwich Pharmacal at 176B-C per Lord Reid; Alfred Crompton Amusement Machines Ltd v Customs and Excise Commissioners (No 2) [1974] AC 405, 434 per Lord Cross; (vii) the degree of confidentiality of the information sought: Norwich Pharmacal at 190E-F per Viscount Dilhorne; (viii) the privacy rights under article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms of the individuals whose identity is to be disclosed: Totalise plc at para 28; (ix) the rights and freedoms under the EU data protection regime of the individuals whose identity is to be disclosed: Totalise plc v The Motley Fool Ltd at paras 18–21 per Owen J; (x) the public interest in maintaining the confidentiality of journalistic sources, as recognised in section 10 of the Contempt of Court Act 1981 and article 10 ECHR: Ashworth at para 2 per Lord Slynn of Hadley.

  • Common Services Agency v Scottish Information Commissioner (Scotland)
    • House of Lords
    • 09 Jul 2008

    In my opinion there is no presumption in favour of the release of personal data under the general obligation that FOISA lays down. The guiding principle is the protection of the fundamental rights and freedoms of persons, and in particular their right to privacy with respect to the processing of personal data: see recital 2 of the preamble to, and article 1(1) of, the Directive.

  • Grow With Us Ltd v Green Thumb (UK) Ltd
    • Queen's Bench Division
    • 17 Feb 2006

    The ventilation of the Data Protection Act 1998 issues which I have considered was solely in witness statements and in the course of the trial by argument. The point taken by Mr. Coppel in paragraphs 25 and 26 of his written outline closing submissions was not taken until then. In those circumstances it is perhaps unsurprising that the franchisor had not produced its certificate of registration under the Data Protection Act 1998.

  • Alireza Ittihadieh v 511 Cheyne Gardens Rtm Company Ltd and Others
    • Court of Appeal
    • 03 Mar 2017

    Even so, it is not an obligation to supply documents: Dunn v Durham CC [2012] EWCA Civ 1654, [2013] 2 All ER 213 at [16]. It is of critical importance to distinguish between the two. Although it may be more convenient and cheaper in some cases for a data controller to supply copy documents, there is no legal obligation to do so. This is, I think, borne out by article 12 of the Directive which requires the data controller to inform the data subject of the " categories of data concerned".

  • Dr DB v The General Medical Council
    • Queen's Bench Division
    • 23 Set 2016

    It also emphasised the GMC's legitimate interest in transparency and concluded 'Failure to disclose the findings of an independent expert would most likely be a breach of the Human Rights Act in terms of obligations to protecting the health, as well as the rights and freedoms of the data subject (i.e. [P]'s).

See all results
Books & Journal Articles
  • DATA PROTECTION: THE FIRST DECADE
    • Núm. 2-4, Abril 1994
    • Journal of Financial Regulation and Compliance
    This paper considers the effectiveness of the Data Protection Act since its launch in 1984. The National Audit Office prepared a report in 1993, which was critical of the Data Protection Registrar,...
  • Data protection report.
    • Vol. 31 Núm. 5, Octubre 2001
    • Database and Network Journal
    ..."All organisations must make themselves and their employees aware of data protection and its related legislation. If not, they face potential compensation payouts, fines and, in certain circumstances, even imprisonment, according to `Data Protection ......
  • Data protection warning.
    • Núm. 2002, Mayo 2002
    • Financial Management (UK)
    ...Data protection is causing concern to UK members, according to CIMA's Technical Advisory Service (TAS). One member received a letter telling him that he had to register if he was holding personal information about clients on his personal computer. On......
  • Externalizing Europe: the global effects of European data protection
    • Núm. 21-1, Enero 2019
    • Digital Policy, Regulation and Governance
    Purpose: This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in the transatlantic ...
See all results
Law Firm Commentaries
  • BREXIT: Data Protection
    • JD Supra United Kingdom
    • K&L Gates LLP
    • 18 de Julio de 2016
    This Brexit Bite assesses the post-Brexit landscape with respect to the UK’s data protection laws. It is important to remember that the UK remains a member of the European Union until the terms of ...
  • Privacy Shield ' Data Protection Bites Again
    • Mondaq UK
    • 12 de Agosto de 2020
  • UK Data Protection Bill Published
    • LexBlog United Kingdom
    • Squire Patton Boggs
    • 22 de Septiembre de 2017
    In line with the EU General Data Protection Regulation (GDPR), the UK has now published a Data Protection Bill, which is intended to “make our data protection laws fit for the digital age…” The Ove...
  • UK Introduces Draft Data Protection Bill
    • JD Supra United Kingdom
    • Alston & Bird
    • 27 de Septiembre de 2017
    A few days ago the UK’s Department for Digital, Culture, Media & Sport introduced the Data Protection Bill 2017 (“the Bill”). Once adopted by the legislature, the Bill will replace the Data Pro...
See all results