Hi,
I would have though that the processing by the barrister is a law enforcement function and that the barrister has authority from the statutory powers of the DPP. Consequently, I think that we are looking at Part 3 of the DPA rather than the GDPR.
So going through your questions
Question 1 - technically yes, but something on the barristers webpage may be sufficient (section 44(1) except for the specific privacy notice under subsection (2)). However, I would suspect that the requirement for barristers in this case to serve privacy notices under that section would be restricted by subsection (6). So neither the police nor the DPP nor the barrister would be required to provide a privacy notice.
Question 2 - as a separate data controller the barrister would be responsible for the controller's obligations under the DPA (given that the DPP has no control over the records created I don't think that they can be a joint data controller), I think that the ICO would be making enquiries of the barrister concerned and not the DPP (hence the enforcement action against the unnamed barrister).
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|