Author: info@amberhawk.com

First of all Happy New Year; I hope the recent festive excitement was not too infectious.  Indeed, with the risky policy of letting Omicron rip, let us hope there are not too many ex-data subjects, possibly as a result of the collapse of essential services. I am starting the Year with a real treat; I have been given permission to publish the personal views of Rosemary Jay as submitted to the DCMS consultation “Data: a new direction” (see link at

This blog comprises the response of Amberhawk Training Limited to the DCMS Consultation document “Data: a new direction”  (the “Consultation”).  Amberhawk is a training company established in 2000; its Directors have over 40 years’ experience in training those who are responsible for data protection in an organisation. The response is over 15,000 words and takes the form of 7 blogs, each of which are about 2,300 words long.  They were published during the consultation period which ends tonight and have been

The DCMS Consultation document “Data: a new direction”  (the “Consultation”) proposes to tip the balance between the interests of controllers and the interests of data subject in favour of the controller.  This blog looks at the proposals, not in the context of how beneficial they are for controllers, but rather in the context of how they weaken the privacy protection afforded to data subjects. The weakening provisions being mooted include: Introducing a fee arrangement for subject access which has a

Summary introduction The DCMS propose to change the duties of the Information Commissioner (ICO) in such a way that they decrease the prospect of enforcement on data protection grounds; in this way the changes reduce the protection afforded to data subjects. This prospect arises as the Commissioner will have a duty to consider factors relating to the economy, public safety or the Government’s international agenda prior, for example, to exercising the ICO’s powers of enforcement against a controller. The Secretary

The Government intend to change the accountability arrangements in the UK_GDPR in such a way that it will become harder to hold controllers to account.  In summary, Chapter 2 of the DCMS Consultation document (“Data: a new direction”) makes two main proposals in relation to accountability: to reduce or remove the requirement to undertake DPIAs (A.35 and A.36); to reduce or remove the requirement to have a Data Protection Officer (A.37-A.39); to remove the need to create a register of

The Government proposes that the “Legitimate Interests” balancing test between controller and data subject in A.6(1)(f) is changed so that the controller’s legitimate interests always prevails in a limited number of pre-defined circumstances. As far as I can see, this proposal is based on a false data protection analysis and illustrated by examples that show that no change is needed. If the controller’s legitimate interests always prevails, it follows that the data subject’s right to object to the processing and

This blog is limited to commentary on the Government’s proposals for the Further Processing of personal data found in section 1.3 of the DCMS Consultation document (“Data: a new direction”). In summary, the Consultation proposes to exempt the application of the Purpose Limitation (or Finality) Principle whenever there is an important public interest in the further processing; this further processing could be undertaken by a controller different to the one that collected the personal data.  As this blog shows, the

This blog concerns the Government’s proposals for the processing of personal data for research purposes; they are unreliable, untrustworthy and unethical.  For instance, I show how the proposals are so “flexible” they can allow for secret research, using of special category of personal data or criminal offence personal data, similar to the “research” that gave rise to the Cambridge Analytica scandal. The proposals relating to research The commentary is limited to the proposals in Section 1.2 (paragraphs 34-50) of the