Category: Other Information Law

The Government has added a completely new immigration control exemption to the Data Protection Bill (“DPBill”). This exemption does not appear in the Data Protection Act 1984 nor in the Data Protection Act 1998 so the question immediately arises as to “why an immigration exemption is now suddenly needed?”. The exemption is very broad; it is from all data subject’s rights (e.g. of access, information about the processing) if satisfying these rights would prejudice “the maintenance of effective immigration control” or “the

Unless the European Union (Withdrawal) Bill is modified, the new Data Protection Bill that implements the UK’s version of the GDPR (expected tomorrow) can be modified or even repealed using Ministerial powers that are not subject to detailed scrutiny.  Indeed, I will go so far to say that the European Commission would be advised not to grant the UK the status of offering an adequate level of protection until further legislative guarantees are enacted by the UK. So bad is

The ICO’s enforcement (or lack of enforcement depending on your view) in the Royal Free/DeepMind case has divided the data protection community. The ICO found that the Royal Free had breached four data protection principles, had breached the medical confidentiality of 1.6 million patients but concluded that such a breach warranted an Undertaking. Reaction from many data protection specialists has often been on the following lines: “If a breach on this scale involving millions of patients’ Health Sensitive Personal Data

A few comments on the Data Protection Bill as announced in the Queen's Speech. Note that it is a Bill (i.e. primary legislation) covering all aspects of data protection including law enforcement as does the current Data Protection Act. As is well known, Member State law can allow modifications to Articles 4(7), 4(9),  6(2), 6(3)(b), 6(4),  8(1), 8(3), 9(2)(a), 9(2)(b), 9(2)(g), 9(2)(h), 9(2)(i), 9(2)(j), 9(3), 9(4),  10,  14(5)(b), 14(5)(c), 14(5)(d),  17(1)(e), 17(3)(b), 17(3)(d), 22(2)(b),  23(1)(e),  26(1),  28(3), 28(3)(a), 28(3)(g), 28(3)(h),

Yesterday, the Court of Appeal achieved something that the Information Commissioner (ICO) has been trying to do for nearly a decade; to require a review of procedures that allow for the disclosure (or non-disclosure) of criminal convictions that have no relevance to employment. For example, in the last Annual Report (2016) the previous Commissioner noted his inability to help the data subject: “We considered a complaint from an individual who had a request for deletion of an arrest record refused.

Using the advanced mathematical techniques employed by those calculating the benefits of Brexit, this blog has been able to deduce the level of the proposed “replacement-for-notification-fees”, levied on controllers, to meet the costs of the ICO under the GDPR. I can report that these fees are set to rise significantly (at least 50% across the board). Indeed, those paying the current registration fee of £500 per year might find themselves paying just short of £7K per annum.  Fees well north

The ICO has just published draft Advice (the “Advice”) on the use of consent under the General Data Protection Regulation (GDPR). All I can suggest is that readers engage with the consultation over the content of this draft Advice (especially if a data controller relies on data subject consent). What follows is a set of statements from the 40 page Advice concerning consent under the GDPR, followed by my commentary which I hope helps your understanding of the issue. This should

[Note added: 16 March 2017. The Executive Order has been rescinded. However, the analysis of Privacy Act 1974 in the USA is valid.  It does not apply to EU nationals and even if it did, the analysis shows that there is very little in the way of privacy protection.  It appears to me to be data sharing legislation] President Trump’s Executive Order (Enhancing Public Safety in the Interior of the United States) has caused controversy over its temporary ban on all Muslims

A House of Lords Committee has heavily criticised the data sharing provisions in Part V of the Digital Economy Bill; it has reported that the provisions should not be supported in their current form. The Report confirms my comments in previous Blogs (see references) that the data sharing provisions (e.g. for efficient public sector service delivery, for research and statistics, for debt recovery and for fraud) are untrammelled. Namely the provisions: combined with the flexibility for Ministers to add to the