There seem to be some strategic holes in the coverage of the issues in Scott.
The timeline isn't as clear as it might have been, given an incident report form and an email were written, the former likely to engage relevant filing system considerations, and the latter certainly in scope, for both DPA98 and (UK) GDPR.
The judgment seems to do away in one fell swoop with what seem to be the intended protections of s1 DPA98 (processing ... means ... disclosure ... by transmission, dissemination or otherwise making available). It does this without even considering the definition of processing, unnecessarily in the instant case, since vital interests where dc cannot reasonably be expected to obtain consent is later considered a lawful approach, even if verbal disclosures were "processing", which they apparently never are:
"I agree with LGBT Foundation's submission that a verbal disclosure does not constitute the processing of personal data, and thus cannot give rise to a claim under the DPA." [para 61]
https://www.bailii.org/ew/cases/EWHC/QB/2020/483.html
Given DPA98 and (UK) GDPR definitions of processing are for these purposes practically identical, are UK courts now likely to consider that there is no protection against verbal disclosure in any circumstances? The case is specific but the assertion lacks scope, let alone analysis, and seems both obviously wrong and concerning. Is there much evidence of continuing consideration of CJEU/EDPB perspectives?
I was wondering what might happen in similar circumstances, possibly with definitively in-scope information, under (UK) GDPR. Art 9(3)(c) lacks a "reasonably expected to obtain consent" exemption, but DPA18 sch 1 para 18 (safeguarding of children and individuals at risk) seems to provide the equivalent and more.
There was a recent-ish case about "information in people's heads" that seems potentially relevant too, though I can't remember if that was re DPA98 or UK or EU GDPR. Something to do with telephone disclosure, finance or insurance I think, possibly conviction or fraud-related. As I recall, the decision was along the lines that if you know something because you've read it in a relevant system, there is no breach if you disclose it from memory. Does anyone remember this?
Thanks,
Gareth
On Mon 22/04/2024 at 14:02, Jonbaines <[log in to unmask]> wrote:
> Interesting. I don’t see the CJEU’s approach in Endemol Shine as much different to the domestic court in Scott. I suspect that if Scott had involved the oral disclosure of information *already* contained in a filing system (as happened in Endomol Shine), rather than oral disclosure of something said orally the judge would have found in the claimant’s favour.
>
>
>
> On Mon, Apr 22, 2024 at 12:27, Ibrahim Hasan <[log in to unmask] <mailto:On Mon, Apr 22, 2024 at 12:27, Ibrahim Hasan <<a href=>> wrote:
>> New blog post:
>>
>> https://actnowtraining.blog/2024/04/22/oral-disclosure-of-personal-data-to-gdpr-or-not-to-gdpr/
>>
>> *#GDPR* *#privacy*
>>
>> Kind Regards
>> A picture containing text, font, screenshot Description automatically generated
>> A picture containing text, font, screenshot, graphics Description automatically generated
>>
>> An archive of messages is stored permanently at http://www.jiscmail.ac.uk/lists/data-protection.html
>>
>> If you wish to leave this list please send an email to [log in to unmask] <mailto:[log in to unmask]&BODY=LEAVE data-protection> with no subject and *LEAVE data-protection* as the message body. This is an automated service.
>>
>> Additional subscriber help is available at https://www.jiscmail.ac.uk/help/subscribers.html
>>
>> Any other list queries can be emailed to [log in to unmask]
>>
>> For general JISCMail queries please email [log in to unmask]
>>
>>
>
> An archive of messages is stored permanently at http://www.jiscmail.ac.uk/lists/data-protection.html <http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
> If you wish to leave this list please send an email to [log in to unmask] <mailto:[log in to unmask]&BODY=LEAVE data-protection> with no subject and *LEAVE data-protection* as the message body. This is an automated service.
>
> Additional subscriber help is available at https://www.jiscmail.ac.uk/help/subscribers.html
>
> Any other list queries can be emailed to [log in to unmask]
>
> For general JISCMail queries please email [log in to unmask]
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
An archive of messages is stored permanently at http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send an email to [log in to unmask] with no subject
and leave data-protection as the message body. This is an automated service.
Additional subscriber help is available at https://www.jiscmail.ac.uk/help/subscribers.html
Any other list queries can be emailed to [log in to unmask]
For general JISCMail queries please email [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|