The contents of this e-mail are confidential and may be privileged. Please refer to the notice at the foot of this e-mail before reading any further.



I have filed this with Masons' out-law news services

If someone wants further detail, I will provide a file which outlines
more info on the below - just reply to this e-mail


Chris




UK's Data Protection Act Might Not Meet European Union Standards
 
In December last year, the landmark decision of the Court of Appeal in
Durant -v- FSA narrowed the scope of data protection to such an extent
that, on a subject access request, it effectively applied only to
computerised personal information which focused on a living individual
in a biographically significant way.

Today, the editors of Data Protection and Privacy Practice, a newsletter
published by Masons, said: "The Durant decision is based on faulty
reasoning which could result in the Data Protection Act of 1998 being
found to be an inadequate implementation of the Data Protection
Directive of 1995".

Last week, Mr Durant filed papers with the European Commission in
Brussels, claiming that the UK Government had not implemented the Data
Protection Directive properly. The detailed analysis published in Data
Protection and Privacy Practice has been attached to substantiate that
claim.

In addition, the Editors say that certain aspects of the Information
Commissioner's published advice in relation to the impact of the Durant
decision on certain CCTV systems, and on the recording of a name, does
not stand up to detailed scrutiny.

Dr. Chris Pounder, one of the editors of Data Protection and Privacy
Practice, explained why the UK could be in breach of its Directive
commitments: "In our view, the Directive's guarantee of the data
subject's right of access is seriously undermined by the breadth of
judicial discretion assumed by the English Courts in relation to section
7(9) of the Data Protection Act 1998. We are also of the view that there
are arguments that the implementation of the Directive's provisions in
respect of the meaning of personal data, can also be challenged."

Section 7 of the 1998 Act deals with an individual's right of access to
personal data. Section 7(9) states: 
"If a court is satisfied on the application of any person who has made a
request under the foregoing provisions of this section that the data
controller in question has failed to comply with the request in
contravention of those provisions, the court may order him to comply
with the request."

Dr. Pounder continued: "In the judgment, the Court of Appeal has
interpreted the 'may' in section 7(9) of the Act to claim a general and
untrammelled discretion not to enforce the right of access. By contrast,
the 1995 Directive requires Member States to guarantee the right of
access - this means that the 'may' must be narrowly constructed". Dr
Pounder concluded "One cannot have a requirement to guarantee rights of
access on the one hand and have the courts having wide discretion not to
back up the guarantee on the other. There is a major inconsistency
here."

In relation to the Court of Appeal decision itself, Dr. Pounder said
that there were several major problems with the reasoning displayed in
the judgment. Dr. Pounder said "In our analysis we show that all the
arguments that have been used to narrow the scope of personal data are
based on a misunderstanding of the provisions of the Act, and/or of its
predecessor, the Data Protection Act 1984. In one case, the reasons
given by the Court of Appeal for its judgment directly contradicts the
reason the Government gave Parliament when it enacted the legislation.
This fact is plain to see in the Parliamentary record published in
Hansard".

Dr Pounder said "It is interesting to note that it was the discretion
last issue which unlocked Mr. Durant's route to the Court of Appeal. By
challenging discretion successfully, Mr. Durant was able to raise doubts
on the more substantive issues. History could now repeat itself"

Dr. Pounder concluded: "Without the discretion point, the arguments for
compliance or non-compliance are not clear cut and, on their own, might
even not be worth exploring. However, given that the court's
interpretation of its discretion to order a data controller to give
access is, in our view, wholly non-compliant with the objectives of the
1995 Directive, it could be that this is the issue which brings the
whole of the UK's implementation into sharp focus".
 
Dr. C.N.M. Pounder

Consultant & Editor of Data Protection & Privacy Practice 
Information & Technology Group
Masons - International Law Firm 
DDI: +44(0)20 7490 6605 
Fax: +44(0)20 7490 2545 
E-mail: [log in to unmask] 
Post-mail: 30 Aylesbury Street, London EC1R 0ER, UK 
www.masons.com 
www.out-law.com 


If you have received this e-mail in error, do not use the contents of the e-mail or disclose it to any other person. Please notify us by reply, or telephone our London office on +44 (0) 20 7490 4000, and then delete the e-mail. We believe, but do not warrant, that this e-mail and its attachments are virus-free, but you should check. Masons may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to Masons' monitoring the content of any e-mails you send to or receive from Masons. Masons is not liable for any opinions expressed by the sender where this is a non-business e-mail.

Masons is an international law firm with offices in London, Bristol, Edinburgh, Glasgow, Leeds, Manchester, Brussels, Hong Kong, Shanghai and Singapore. Further information about the firm and a list of partners are available for inspection at 30 Aylesbury Street, London EC1R 0ER or from our web site at www.masons.com. Each of our offices is regulated by the relevant local law society.

This e-mail has been scanned for all viruses by Star Internet using MessageLabs SkyScan services. For more information visit: www.star.net.uk.
_________________________________________________________________________________________

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^