Category: News

The European Commission has published today a proposal for an “Oyster Card Passenger Name Record (OCPNR) Regulation” to fight serious crime and terrorism before and during the London Olympics. The proposal obliges Transport for London (TfL) to provide EU Member States with data on passengers using London Tube and Bus system whilst at the same time guaranteeing a high level of privacy protection for Olympians and other VIPs. "This proposal for an OCPNR Regulation is an extension of the existing PNR

Like you, I have received my 2011 census form from the Office of National Statistics (ONS). The cover page prominently states, in bold, “Your personal information is protected by law. Census information is kept confidential for 100 years”. Like you, perhaps, I have taken this statement at face value. However, preparing for our Privacy Impact Assessment (PIA) course, I came across the PIA for the Census (see references). Under the heading “Keeping census records confidential”, the Census PIA states that

 The European Commission has released details as to why it sees the UK Data Protection Act as an improper implementation of Directive 95/46/EC, so much so, that it is considering infraction proceedings. Correspondence between the Commission and the UK Government has been exchanged, and despite the possibility of litigation, very little has been published or explained to MPs or MEPs. Hence the “liberation” of information from the Commission about these infraction proceedings is very timely. It is also the

The hype surrounding the CCTV/ANPR provisions in the Protection of Freedoms Bill is misplaced. In fact, I would argue the Bill’s provision for a Statutory Code of Practice in the CCTV area represents little change on the privacy front, but a huge change in the potential for enhanced surveillance. A statutory code of practice covering CCTV/ANPR is to be produced by the Home Secretary and regulated by a new “Surveillance Camera Commissioner”. The Code’s application is limited to policing bodies

Directives often contain a notification provision which place each Member State under an obligation to report certain activities to the European Commission. Following a FOI request to the Commission, it has emerged that the UK Government has ignored its notification obligations in relation to the Data Protection Directive; this raises the general question of whether notification requirements in Directives are effective. With respect to the processing of sensitive personal data without the consent of the individual concerned  (e.g. processing details