Ill put myself up to be shot at re the first part of the scenario David Logan presents and the joint data controller concept. The term 'joint data controllers' does not exist in the Act itself. (Wrong - I hear you shout). Getting technical I read the 'data controller' definition in section 1 as singular. It simply appears to indicate the one or more persons can decide on the manner of purpose of a data controllers' processing. The drafting appears to indicate you have to start with a single controller. Clearly the 'manner of the processing' may include a decision to disclose to the other via some form of agreement on data sharing thereby making them both data controllers. However that disclosure (processing) surely has to be legitimised under the Act from the first to second controller. Examining the scenario presented. Council is a data controller using a third party (processor) to presumably view (process) the data to provide a service. This could be some form of manned guarding service as defined in the Private Security Industry Act 2001 under which the service provider must be licenced. As part of the councils obligation for a written contract, DPA principle 7, they as data controller are obliged to set the security standard expected of the third party processor. One of their contract clauses may have been that the service provider must follow a Code of Practice (COP) issued by the Chief Constable of Strathclyde Police. David's scenario does not indicate what this COP is. Presumably however a COP is simply that and cannot by itself create a legal relationship to permit a claim ownership to the data. The Council in upholding their DPA security obligations would presumably have to authorise any disclosures their processor was allowed to make. Under this scenario it is difficult to see how the Police become a legitimate data controller sharing data ownership. However isn't the position a little different. I suggest the argument may be that the Police are provided with the data by the council as a 'recipient' under DPA either directly or from their service provider. The council may be accepting a Police argument that their access is valid via public order powers under the Police Act (I haven't researched this argument personally yet but am given to understand such things exist in that Act - Anyone on list care to comment on if/where this exists in the Police Act?). Under DPA this would be a 35(1)(rule of law) disclosure. Using such a disclosure argument the council are exempt from the first 5 principles of the DP Act via non-disclosure exemption and do not have to notify the data subject of the disclosure (unless via a subsequent subject access request). The Police force concerned as a recipient presumably become a data controller and take it from there re their DPA obligations. Both Council and Police become data controllers. (arguably via 'joint decision' as this could all be negotiated in a few minutes between the two parties) OK Shoot David Wyatt > -----Original Message----- > From: This list is for those interested in Data Protection issues > [mailto:[log in to unmask]]On Behalf Of David Logan > Sent: 19 September 2001 14:51 > To: [log in to unmask] > Subject: re : Subject Access to CCTV > > > Sorry I can't help with request for form. > > I'm interested, however, in the fact that Police and Council are > joint data > controllers. > > This Council likewise has equipment it owns. Some of these images are > transmitted to a third party which views them on behalf of the > Council. This > third party has bound itself to observe the Code of Practice and > Guidelines > issued by the Chief Constable of Strathclyde Police. In terms of these the > Police claim copyright in the images. There is no agreement as to > who is the > data controller. It would be useful, therefore, to know how the Police > agreed that they were joint data controllers. > > Another issue of interest is the extent to which the Council can > competently > monitor images for purposes other than prevention or detection of > crime and > the on what basis the Police can release images of crime prevention or > detection to third parties who may not have a locus to enforce sanctions > caused by breaching criminal law. > > Any comments would be appreciated. > > David Logan > Principal Solicitor > West Dunbartonshire Council. > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at : - > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm > all commands go to [log in to unmask] not the list please! > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^