Category: Data Protection

Give NGOs the tools and they will finish the job: Article 76 & Recital 112 of the GDPR should keep Data Controllers “honest”

Note added 24 May: Article 76 and Recital 112 relate to the agreed text of the GDPR that was circulating at the time of the blog; with respect to the OJ version of the GDPR, the references are to Article 80 and Recital 142.

Those concerned with data protection and privacy have their work cut out in the UK. On top of understanding what the General Data Protection Regulation (GDPR) and the Data Protection Directive in the field of law enforcement

Read article

“Leave” or “Stay” in the Referendum? GDPR has to be implemented by the UK whatever the result.

This brief blog is to explain why, “in” or “out”, the UK has to implement the General Data Protection Regulation (GDPR). This is important given that some organisations might think that a “Leave” vote might change matters with respect to the GDPR compliance (especially as the Cabinet Minister responsible for GDPR implementation, John Whittingdale, is a prominent “outer”). Obviously, if the vote in June is for “Stay” then the UK remains a Member of the European Union (EU) and the

Read article

Put privacy first! Parliamentary report calls for national security agencies to apply Data Protection Principles

For a long time, I have been arguing that the national security agencies should apply the data protection principles to their processing of personal data subject, if necessary, to exemptions from subject access and fair processing requirements. Today’s report from the Joint Committee on the Draft Investigatory Powers Bill (DIP) supports that position. In summary, if the criminal intelligence processed by the police relating to serious crime can be subject to most data protection requirements without mishap (since the 1984 Act),

Read article

Politicians agree a Privacy Shield as the Working Party of Data Protection Commissioners display a six pack

In this blog, I make a few comments about “Safe Harbor 2” (or the “Privacy Shield” to use the flash marketing term for the recently announced agreement). In summary, there is no published evidence that the Privacy Shield actually provides an adequate level of protection: so contrary to all those optimistic news reports, can you please “hold your horses” if you are anticipating transfers to the USA under Privacy Shield. Also, be aware that some serious contingency planning might

Read article

The Recitals are essential to your understanding the General Data Protection Regulation

There is a spate of articles and blogs on the Regulation at the moment; how do you know which ones are worth reading? Well, in my view, if the text does not include reference to the impact of the Recitals that are associated with any Article mentioned in the text, then the blog or article is likely to be incomplete. The reason for this is that the role of the Recitals has been enhanced by the consistency mechanism of the Regulation;

Read article

Data Protection Regulation Update: precise implementation depends on exceptions and Recitals

This blog is a report of yesterday’s meeting in the House of Lords with the Minister (Baroness Neville-Rolfe), three ICO officials, four DCMS civil servants and thirty other stakeholders representing primarily the interests of data controllers. It concerned the Government’s implementation of the General Data Protection Regulation (GDPR). First of all, it appears that the negotiated GDPR text has been accepted by the UK Government; the Minister referred to the remaining EU processes as being “formalities”. She said that there

Read article

Draft Investigatory Powers Bill ignores data protection when collecting bulk personal datasets

Tomorrow the Information Commissioner will give his views on the draft Investigatory Powers Bill (“the Bill”) to a cross party Parliamentary Committee examining the Bill. The Bill proposes a power for the national security agencies to collect Bulk Personal Datasets (BPD) by a warrant signed by the Secretary of State which is subject to review by a Judicial Commissioner (the “double lock”). A Bulk Personal Dataset is any collection of personal data, where the “majority of the individuals are not,

Read article

National Insurance Number & consent: DWP say wider NINO use is no longer a NONO

Government policy towards the wider use of the National Insurance Number (NINo) as a general identifier appears to have changed again. This ever-shifting policy now illustrates that well-known saying “What goes around comes around”. As is well known, the “general identifier” powers in the Data Protection Act (Schedule 1, paragraph 1(4)) have never been activated with respect to the NINo. This is because Government well knows that there are lots of data controllers using the NINo for all sorts of

Read article

Unfettered bulk data collection powers presage mass surveillance and a debate about haystacks

Note added 5th Jan 2016: my blog of this date augments the text below.

Many commentators have said that identifying a likely bomber/terrorist is like looking for a needle in a haystack. So what do you do? The choices are: (a) build the largest haystack about all the population because you know that the needle has to be in there “somewhere”; or (b) have the powers to look at all the relevant smaller haystacks that are around when you have

Read article

Section 94 of the Telecommunications Act 1984: a warning from history

This blog explains the extent to which the national security agencies have been collecting bulk Communications Data using powers which are being exercised in a way that was never subject to Parliamentary scrutiny. Such data collection is neither subject to the relevant Code of Practice covering communications data nor to scrutiny from the Regulator who was specifically tasked by Parliament to supervise the use of communications data. The blog comprises yet another lesson in the dangers of leaving wide ranging

Read article