Category: Data Protection

Whilst awaiting the arrival of another enthralling, multi-megabyte, download about the General Data Protection Regulation, I started reading the judgement (Case Number IPT 14/85/CH), delivered by the Investigatory Powers Tribunal last February.  This is one of the cases between Privacy International and Government Communications Headquarters (GCHQ) which identified some unlawful processing of personal data by the latter (see references). Paragraph 109 of this Tribunal’s judgment refers to the National Security Certificates established by Section 28 of the DPA;  it states:

Now that last week’s General Election is done and dusted, what can we expect with respect to data protection from the new majority Conservative Government?  In summary, there is much in the first year program that could impact on privacy. In addition, given the SNP landslide in Scotland, there is the interesting question of whether or not Scotland will emerge with more privacy protection than the rest of the UK. The European “in-out” referendum After a negotiation, the Government intends

One of the papers published by the Intelligence and Security Committee (ISC) with its report into “Privacy and Security” contained a five-page memo from GCHQ’s legal advisers (see last week’s blog and references).  It suggests that the secret organisation is about to offer email services to the public in order to allay concerns about the mass retention of communications data. I have checked with a leading domain name registration company, and it appears that the first steps have already been

Suppose you are on a jury in a case about tax evasion.  What would you think of a defence on the lines: “the accused did not seek to circumvent the law”?  Would you accept this statement and return a not-guilty verdict? Well this, in summary, is what the Intelligence and Security Committee (ISC) has done.  In its press release associated with its report ‘Privacy and Security: A modern and transparent legal framework’, the ISC states: “The UK’s intelligence and security

In January,  I published a blog on how the Scottish Government were consulting on plans to transform the current NHS Central Register (“NHSCR”) into a population register without much thought about the Data Protection Act (DPA). The ICO has just published a contribution to that consultation  process that, when you strip away the diplomatic language, comes to a similar conclusion. What I did not know at the time of writing the blog was that there was a flourishing “Entitlement Card”