Category: News

Quick blog as I am teaching most of the week; but the headline says it all. A colleague of mine went to a lecture on the proposed Data Protection Regulation two days ago (organised by Field Fisher Waterhouse -  the city law firm that employs data protection stalwart Stewart Room and which hosts meetings of the National Association of Data Protection Officers – a information law grouping which has expanded its interest to cover FOI and RIPA issues as well).

You have probably skimmed section 32 of the Data Protection Act, and seen that the exemption negates the application of all the Principles (except the 7th) and most of the data subject rights, if personal data are processed for a journalism purpose and if the processing is necessary with a “view to publication” of the personal data. You also probably have drawn the conclusion that there was not much data protection to be had, given the scope of this exemption

I thought I would devote a blog to answer the following question: “What would I say, if a manager asked me what were the key changes to the data protection regime as a result of the Regulation?”. So please use/amend the text for this purpose if need be. Note the blog is only about the Regulation:– not the law enforcement elements where there is a separate Directive also published today. The first point to make is that a Regulation has

The Article 29 Data Protection Working Party (WP) has just published its comments on the EU-USA Passenger Name Record (PNR) Agreement; a deal that I analysed just before Xmas as having the following characteristics: “data protection is weak, proportionality not guaranteed, and obvious safeguards absent” (see references). This view is substantiated by the WP’s comments. As a general assessment, the WP notes that there have been “modest” improvements from earlier drafts “but does not see its serious concerns removed”.  Primarily

A brief note: between January 25th (most likely) and January 28th the official draft of a Regulation is expected to be published; it eventually result in changes to the UK's Data Protection Act. I will do an analysis of it for the blog in the following weeks. Also, our UPDATE session on March 26th in London will be revised in order to have at least a half day devoted to the Regulation and what it means for data controllers. Our guest