Scenario 1, I don't think this is correct as there are unlikely to be many scenarios where the provision of the privacy notice would impact on the prosecution process. It may be relevant to the police who would want to keep details of investigations secret
That said, , we have taken the view that barristers do not need to provide a separate privacy notice as we provide a privacy notice that details our relationship with the barrister.
This is on the basis of:
The fact that we effectively have a joint controller relationship and as such we have taken on the responsibility of providing a privacy notice for that relationship
The general thrust of the GDPR/DPA is make it clear to data subjects how their data is being managed and that to provide two privacy notices about the same processing would likely confuse data subjects and go against the spirit of the legislation.
Scenario 2: Again I am not sure this is necessarily true (though it depends on the relationship the DPP and the barrister have defined). Our relationship with barristers for example set out very clearly that we retain ownership of the data in the long term and that all papers must be returned on the conclusion of the case.
Seth
Seth Speirs
Data Protection Officer
Public Prosecution Service
028 90264621
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Bill Dunn
Sent: 15 February 2019 11:52
To: [log in to unmask]
Subject: Re: [data-protection] data-protection Digest - 13 Feb 2019 to 14 Feb 2019 (#2019-33)
Hi,
I would have though that the processing by the barrister is a law enforcement function and that the barrister has authority from the statutory powers of the DPP. Consequently, I think that we are looking at Part 3 of the DPA rather than the GDPR.
So going through your questions
Question 1 - technically yes, but something on the barristers webpage may be sufficient (section 44(1) except for the specific privacy notice under subsection (2)). However, I would suspect that the requirement for barristers in this case to serve privacy notices under that section would be restricted by subsection (6). So neither the police nor the DPP nor the barrister would be required to provide a privacy notice.
Question 2 - as a separate data controller the barrister would be responsible for the controller's obligations under the DPA (given that the DPP has no control over the records created I don't think that they can be a joint data controller), I think that the ICO would be making enquiries of the barrister concerned and not the DPP (hence the enforcement action against the unnamed barrister).
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|