Category: Other Information Law

In January,  I published a blog on how the Scottish Government were consulting on plans to transform the current NHS Central Register (“NHSCR”) into a population register without much thought about the Data Protection Act (DPA). The ICO has just published a contribution to that consultation  process that, when you strip away the diplomatic language, comes to a similar conclusion. What I did not know at the time of writing the blog was that there was a flourishing “Entitlement Card”

This blog explains why I think the Italian text of the Regulation published just before Xmas is likely to provide data subjects with a lower level of protection than Directive 95/46/EC or even the current Data Protection Act 1998 (DPA). In the blog, I raise four areas to make the case: A carve out for the public sector (this allows Member States to legitimise processing that otherwise could be in breach of a data protection requirement). The “risk based” approach

What better way to spend Data Protection Day (yesterday) than having a light-bulb moment; this is especially the case as, at my age, light bulbs tend to go in a different direction. My thoughts on IP addresses were triggered by the Ryneš ECJ case (domestic purposes exemption does not apply to surveillance of public places from a domestically installed CCTV). I think the Ryneš case strengthens the argument that an IP address is personal data in many instances. If I

[Note added 17/3/2017: The proposal is no longer going ahead: See Question S5W-07384 of 21/02/2017 "Ministers have listened carefully to the arguments"   …and do not intend to take forward the proposal.] I thought the idea of a centralised, national population register was well and truly dead? Well the Holyrood SNP Government wants to resurrect a Scottish version. The Scottish Government’s plans are outlined in a document entitled “Consultation on proposed amendments to the National Health Service Central Register (Scotland) Regulations 2006”. The

Xmas has come and to get you in the festive mood, I present a link to 232 pages of gripping holiday reading. Forget all those TV repeats over the holiday period; in the forthcoming break why not snuggle down with the latest DAPIX version of the Data Protection Regulation which identifies the current thinking of Member States. I have made two preliminary conclusions: • I think that the Data Protection Regulation will not be agreed until the end of 2015 (if that); this

For the last two years I've been working with colleagues in the Cabinet Office's Privacy and Consumer Advisory Group to develop privacy principles for the government's online identity assurance programme. This is now close to launch, and got some front-page attention in The Times on Monday. Here is the just-published letter we sent to the newspaper with more details. The Government Digital Service has also published a response. Sir, Today’s Times (4/11/2014) front-page story contains an error: “Virtual ID for

All through the New Labour Surveillance decade (and through to the current Snowdon revelations), Parliament and public have been deliberately kept in the dark as to why the UK’s Data Protection Act (DPA) is not a proper implementation of Directive 95/45/EC. What is wrong with this implementation? It’s an official secret. However, the MoJ have just told me (see references) that the deficiencies are apparently so great that the European Commission is still thinking of infraction proceedings. The above, of