Personal Data in UK Law
-
Durant v Financial Services Authority
“
In conformity with the 1981 Convention and the Directive, the purpose of section 7, in entitling an individual to have access to information in the form of his "personal data" is to enable him to check whether the data controller's processing of it unlawfully infringes his privacy and, if so, to take such steps as the Act provides, for example in sections 10 to 14, to protect it.
It follows from what I have said that not all information retrieved from a computer search against an individual's name or unique identifier is personal data within the Act.
There are two basic points to make about the scheme of sections 7(4)-(6), and 8(7), for balancing the interests of the data subject seeking access to his personal data and those of another individual who may be identified in such data. The first is that the balancing exercise only arises if the information relating to the other person forms part of the "personal data" of the data subject, as defined in section 1(1) of the Act.
-
Alireza Ittihadieh v 511 Cheyne Gardens Rtm Company Ltd and Others
“
In some cases, it has been said that the supply of information does not tell the data subject anything he or she did not already know. To take a simple example: everyone knows their own name and date of birth. Moreover where the focus of a SAR is (as is often the case) a request for copies of documents rather than personal data, the fact that the data subject was either the author or recipient of the document in question would also be highly relevant to the exercise of discretion.
Even so, it is not an obligation to supply documents: Dunn v Durham CC [2012] EWCA Civ 1654, [2013] 2 All ER 213 at [16]. It is of critical importance to distinguish between the two. Although it may be more convenient and cheaper in some cases for a data controller to supply copy documents, there is no legal obligation to do so. This is, I think, borne out by article 12 of the Directive which requires the data controller to inform the data subject of the " categories of data concerned".
-
Common Services Agency v Scottish Information Commissioner (Scotland)
“
But in my opinion the fact that the Agency has access to this information does not disable it from processing it in such a way, consistently with recital 26 of the Directive, that it becomes data from which a living individual can no longer be identified.
-
R (on the application of Catt) v Metropolitan Police Commissioner; R (on the application of T) v Metropolitan Police Commissioner
“
For this purpose, the rules need not be statutory, provided that they operate within a framework of law and that there are effective means of enforcing them. Their application, including the manner in which any discretion will be exercised, should be reasonably predictable, if necessary with the assistance of expert advice. It is enough that it lays down principles which are capable of being predictably applied to any situation.
-
Data Protection Act 2018
... ... 25, 34(3); S.I. 2022/582, reg. 2 ... PART 1: Preliminary ... 1: Overview ... (1) This Act makes provision about the processing of personal data ... (2) Most processing of personal data is subject to the F51UK GDPR ... (3) Part 2 supplements the F52UK GDPR ... (4) Part 3 makes ... ...
- The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019
- Pension Schemes Act 2021
- The Framework for the Free Flow of Non-Personal Data (Revocation) (EU Exit) Regulations 2021
-
Personal Data: The Act Begins to Bite
Managers responsible for personal data held on computer need to be aware of and comply with the terms of the Data Protection Act 1984. Registration and compliance with the eight data protection pri...
-
Comparative study of personal data protection regulations in Indonesia, Hong Kong and Malaysia
Purpose: The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal ...
-
Personal Data Protection and the First Implementation Semester of the Lisbon Treaty: Achievements and Prospects
This article presents the last developments arisen in the protection of personal data in the sector of police and judicial cooperation in criminal matters since the implementation of the Treaty of ...
-
Personal data and personalisation in media: experts’ perceptions of value, benefits, and risks
Purpose: Media users daily exchange personal data for “free” personalised media. Is this a fair trade, or user “exploitation”? Do personalisation benefits outweigh privacy risks? Design/methodolog...
-
Privacy Matters, Featuring a Personal Data Checklist
This issue of Privacy Matters examines the what, the where and the who regarding personal data. The infographic maps the flow of data to help determine what personal data a company might hold, wher...
-
Personal data security for pension scheme trustees
Cybersecurity and protection of personal data are increasingly to the forefront of concerns for pension trustees. The European General Data Protection Regulation (GDPR), applicable in the UK from 2...
-
COVID-19 Coronavirus: Protecting Employee Personal Data
Employers’ primary concern at this time will be the health and safety of their employees in the wake of what has been declared a global pandemic by the World Health Organization. However, employers...
- Deleting Personal Data
-
Annex B - Application for enforcement of a decision made or recognised in the requested state
Family forms including the form to apply for a non-molestation order or an occupation order (Form FL401).... ... (Article 10(1) b) ) ... CONFIDENTIALITY AND PERSONAL DATA PROTECTION NOTICE ... Personal data gathered or transmitted ... ...
-
Annex A - Application for recognition or recognition and enforcement
Family forms including the form to apply for a non-molestation order or an occupation order (Form FL401).... ... CONFIDENTIALITY AND PERSONAL DATA PROTECTION NOTICE ... Personal data gathered or transmitted ... ...
-
Annex C - Application for establishment of a decision
Family forms including the form to apply for a non-molestation order or an occupation order (Form FL401).... ... CONFIDENTIALITY AND PERSONAL DATA PROTECTION NOTICE ... Personal data gathered or transmitted ... ...
-
Annex D - Application for modification of a decision
Family forms including the form to apply for a non-molestation order or an occupation order (Form FL401).... ... CONFIDENTIALITY AND PERSONAL DATA PROTECTION NOTICE ... Personal data gathered or transmitted ... ...