Personal Data in UK Law

In this Topic
Leading Cases
  • Durant v Financial Services Authority
    • Court of Appeal (Civil Division)
    • 08 Dic 2003

    The question is the meaning of the words "relate to" in the opening words of the definition, in particular to what extent, if any, the information should have the data subject as its focus, or main focus. Miss Houghton, on behalf of Mr. Durant, pitched Mr. Durant's entitlement to information under section 7 in very broad terms, relying on what she described as the extremely wide and inclusive definition of "personal data" in section 1(1).

    As a matter of practicality and given the focus of the Act on ready accessibility of the information —whether from a computerised or comparably sophisticated non-computerised system —it is likely in most cases that only information that names or directly refers to him will qualify.

    It follows from what I have said that not all information retrieved from a computer search against an individual's name or unique identifier is personal data within the Act. Mere mention of the data subject in a document held by a data controller does not necessarily amount to his personal data.

  • Alireza Ittihadieh v 511 Cheyne Gardens Rtm Company Ltd and Others
    • Court of Appeal (Civil Division)
    • 03 Mar 2017

    In some cases, it has been said that the supply of information does not tell the data subject anything he or she did not already know. To take a simple example: everyone knows their own name and date of birth. Moreover where the focus of a SAR is (as is often the case) a request for copies of documents rather than personal data, the fact that the data subject was either the author or recipient of the document in question would also be highly relevant to the exercise of discretion.

    Even so, it is not an obligation to supply documents: Dunn v Durham CC [2012] EWCA Civ 1654, [2013] 2 All ER 213 at [16]. It is of critical importance to distinguish between the two. Although it may be more convenient and cheaper in some cases for a data controller to supply copy documents, there is no legal obligation to do so. This is, I think, borne out by article 12 of the Directive which requires the data controller to inform the data subject of the " categories of data concerned".

  • Common Services Agency v Scottish Information Commissioner (Scotland)
    • House of Lords
    • 09 Jul 2008

    But in my opinion the fact that the Agency has access to this information does not disable it from processing it in such a way, consistently with recital 26 of the Directive, that it becomes data from which a living individual can no longer be identified.

  • R (on the application of Catt) v Metropolitan Police Commissioner; R (on the application of T) v Metropolitan Police Commissioner
    • Supreme Court
    • 04 Mar 2015

    For this purpose, the rules need not be statutory, provided that they operate within a framework of law and that there are effective means of enforcing them. Their application, including the manner in which any discretion will be exercised, should be reasonably predictable, if necessary with the assistance of expert advice. It is enough that it lays down principles which are capable of being predictably applied to any situation.

See all results
Legislation
See all results
Books & Journal Articles
See all results
Law Firm Commentaries
See all results

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT