Data protection and compliance in context - PowerPoint PPT Presentation

About This Presentation
Title:

Data protection and compliance in context

Description:

First iterations of data protection law at Council of Europe level were ... See the Campbell, Peck, Douglas & Zeta Jones, Prince of Wales, McKennitt, ... – PowerPoint PPT presentation

Slides: 10
Provided by: stewar84

Transcript and Presenter's Notes

Title: Data protection and compliance in context


1
Data protection and compliance in context
  • Stewart Room
  • Partner

19 November 2007
2
Data protection in context
  • First iterations of data protection law at
    Council of Europe level were concerned only with
    fundamental rights and freedoms, particularly the
    right to privacy.
  • European Community agenda introduced concern for
    free movement.
  • Within the UK, privacy legislation is contained in the
    Human Rights Act, Data Protection Act, Regulation
    of Investigatory Powers Act etc. Parliament,
    regulators and the courts are obliged to act
    compatibly with European Convention on Human
    Rights.
  • The Courts have modified the domestic law of
    confidence to protect privacy where a reasonable
    expectation of privacy exists.
  • But, care must be taken in application of the
    law, so as not to damage other legitimate State
    interests and wider economic interests.

3
The development of privacy law
  • In 1991 the Court of Appeal would not prevent the
    publication of very sensitive personal
    information, since there was no actionable right
    of privacy
  • Kaye v. Robertson
  • But, in October 2000 the Human Rights Act came
    into force.
  • And only 18 months later, in March 2002, the
    Court of Appeal was able to confirm that where
    the protection of privacy is justified, an action
    for breach of confidence will provide the
    necessary protection
  • Flitcroft v. MGN
  • And now? See the Campbell, Peck, Douglas & Zeta
    Jones, Prince of Wales, McKennitt, Princess
    Caroline cases etc.

4
What is driving the law forward?
  • (1) The introduction of the Human Rights Act 1998
    coupled with (2) the Government's adoption of
    advanced data processing techniques in the name
    of better public services are responsible for the
    rapid development of the law.
  • HRA incorporated European Convention on Human
    Rights into UK law and imposes a legal obligation
    on Parliament, Courts and Regulators (as public
    bodies) to develop domestic law in order to give
    full effect to the right to privacy within
    Article 8
  • S.1 Incorporates ECHR into domestic law.
  • S.2 Courts to take account of decisions of
    European Court of Human Rights.
  • S.3 Legislation to be compatible with ECHR.
  • S.6 Public authorities to act compatibly with
    ECHR.
  • Government is sponsoring the development of
    massive databases of personal data and these need
    protecting
  • Children Act 2004.
  • Identity Cards Act 2006.
  • "Greater data sharing within the public sector -
    if we get it right - has the potential to be
    hugely beneficial to the public, as individuals
    and to society as a whole. Hand in hand with this
    is the need to provide real reassurance that when
    personal data is shared, the Government is
    determined to ensure both its security and
    integrity." Dept for Constitutional Affairs
    consultation on "What price privacy?" (June
    2006).

5
Data protection overview
  • The Data Protection Act 1998 gives effect to the
    UK's obligations under the Council of Europe Data
    Protection Convention 1981 and the EC Data
    Protection Directive 1995.
  • It describes itself as an Act to make new
    provision for the regulation of the processing of
    information relating to living individuals.
  • The actors: data controllers, data subjects and
    data processors.
  • Personal data: information relating to an
    identified or identifiable living individual.
    See Durant v. FSA (2003) and Article 29 Working
    Party Opinion on the concept of personal data
    (2007).
  • The data controller is the person who carries the
    weight of the regulatory burdens. The controller
    must comply with the data protection principles.

6
Data protection principles
  • Fair and lawful processing and at least one
    criterion for legitimacy.
  • Obtaining for a specified, lawful purpose.
  • Processing to purpose.
  • Adequate, relevant, not excessive.
  • Accurate and kept up to date.
  • Data subject rights to be obeyed.
  • Security.
  • Prohibition on transfers to unsafe countries.

7
Regulatory mechanisms
  • Transparency: notification to regulator, fair
    processing notices, information notices, subject
    access.
  • General rules on lawfulness: first data
    protection principle and Schedules 2 & 3.
  • The right to object: processing that will cause
    substantial and unwarranted damage/distress,
    direct marketing.
  • Criminal offences: particularly section 55.
  • Other enforcement by the regulator.
  • Data subjects' civil law remedies.

8
Hot topics
  • The surveillance society.
  • Unlawful trade in personal data.
  • Privacy enhancing technologies.
  • International transfers of data.
  • Internet and electronic communications.

9
Compliance
  • Intelligent processing: there are only two kinds
    of data in the intelligent organisation.
  • Understanding the information lifecycle.
  • Classification of data.
  • Criterion for legitimacy.
  • Data protection principles and transparency
    mechanisms.
  • Compliance mechanisms: practices, policies and
    procedures.