The opinion of the ICO referred to by Ibrahim was always fundamentally flawed.
"A billing authority may only use and disclose council tax personal data for council tax purposes."
There is no authority for this. In the absence of prohibition a billing authority (in DPA terms) to use data for notified purposes - hence my previous emphasis on a god PN. If course one also needs public law vires, and ICO is not the arbiter of that. Whatever the position may have been on vires historically (I was always happy with it and worked in LG for may years) is now irrelevant gven the general power of competence.
"If the personal data is to be used for other non council tax purposes then this can only be done under regulations made by the Secretary of State pursuant to paragraph 17 of Schedule 2 of the Local Government Finance Act 1992. To date no such regulations have been made and therefore the processing of council tax personal data for other purposes is ultra vires (beyond a council’s powers)"
The existence or non-existence of such regulations does not imply a prohibition. Before Schedule 2 there was nothing resembling a prohibition on the statute books. So if, for example, s111 LGA provided vires before the 1992 Act for internal use for debt collection, the passing of Schedule 2 did not make that ultra vires without regulations. On normal statutory construction a prohibition must be clear and explicit. Para 17 is well short of that. It simply allows the extension of vires.
So it was always a vires issue and as noted that has really disappeared. There is still no prohibition so it comes down to fairness, proportionality and a good PN.
Incidentally the same point applies to the Digital Economy Act. The fact that it now explicitly allows something does not retrospectively create a prohibition by implication.
PS Does anyone still have a copy of the Russell opinion? I probably do but would take hours to find it.
∑
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|