Marchini, Renzo on 16 July 2007 at 18:26 said:-

> In short, however, it leaves the UK in an uncertain position.
>  The WP is clearly a serious and respectable body whose views
> matter; but their
> opinion is just that, an opinion.   Durant remains law in the UK until
> the UK courts (or the ECJ) say otherwise; or unless the
> Government brings in amending legislation (unlikely, although
> possible given the communication (confidential) between the
> European Commission and the UK on the UK possibly failing to
> comply with the Directive on this (rumour has it) and other
> grounds).

and on 17 July 2007 at 09:46 said:-


> I would say that the Court of Appeal in Durant most certainly
> did think they were applying a purposive interpretation; its
> just a different outcome than that of the WP.


Clearly there are differences of opinion in what the regulations mean.
As I recall (without re-reading), the court quoted from the DP convention
and the DP directive.  Even at that time the restricted focus applied in the
decision could be seen to be specific to certain approaches and problematic
if applied more broadly within DP.
The WP in providing its authoritative opinion has referred back to and
quoted the original regulative process and thoughts expressed by the
regulatory bodies whilst compiling the regulations.

If one accepts that the courts interpret and implement the intentions of the
regulators in respect of those laws which are lawfully drafted and
implemented inside any broader agreements and frameworks which apply, the
difference in opinion appears to be a wide one with significant
implications.  One does have to remember that the Durant decision did
mention that the decision related only to the specific circumstances of that
case which one had to assume had specific reasons beyond what was openly
stated in that opinion to make some sense of it as a quoted case.

Whilst for organisations restricting the purpose of processing is a
necessary thing and for their own purposes clearly in the UK an organisation
may choose to follow whichever opinion it chooses, it seems to me that to be
able to limit any legal vulnerabilities and protect its good name DP
practitioners will have to become very familiar with this area, especially
if an ever tightening and more restrictive framework is to be avoided.

There is a difference between defining a purpose and restricting or refining
the definition of personal data and although related they always have been
two distinctly different issues which need considering during any DP
process.

In that sense I disagree with the thrust of the argument presented above.


Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Marchini, Renzo
> Sent: 16 July 2007 18:26
> To: [log in to unmask]
> Subject: Re: Def of Personal Data by the Article 29 Working Party
>
>
> I read this with interest (as have no doubt many of us
> involved in this area).
>
> It gives a very wide definition of personal data, and in
> particular a wide view of what it means for information to
> "relate to" an individual (the opinion discusses other
> aspects, but this is the one which features in Durant).  The
> court of appeal in Durant said - in essence - that the
> information had to have a "focus" on the individual to be
> that person's personal data.  This was widely read as being
> very restrictive.
>
> The Working Party here has gone much wider (much too wide in
> my opinion).  It expressly rejects "focus" as a criteria (without
> mentioning Durant or the UK).   Instead it says that to "relate to" it
> has to be "about" someone, and the information is "about"
> someone if one of three elements are present: "content",
> "purpose" or "result" ..... now this is where we get a little
> complicated and is perhaps a little bit too much detail for
> readers of this forum (but if anyone is interested, please
> let me know and I would be happy to send a client update on
> the topic (ready in a couple of days)).
>
> I have tried to work through the test as the working party
> sets it up in this document to see whether on Durant-type
> facts it leads to the same result, but actually found the
> test very hard to apply (I think a UK court minded to get to
> the same result could in good faith apply the
> test and not find personal data).   It is unfortunate that of the many
> examples given in the opinion, they could not have included a
> Durant-type situation as an example.   You can just about
> understand why
> (as they cannot be seen to be overtly critical of the UK
> courts) but then why did they even mention "focus" (which
> they did object to)?
>
> The Opinion does contain other examples which would not have
> passed the Durant focus test (Example No 6, say) but which
> they say constitute personal data.
>
> In short, however, it leaves the UK in an uncertain position.
>  The WP is clearly a serious and respectable body whose views
> matter; but their
> opinion is just that, an opinion.   Durant remains law in the UK until
> the UK courts (or the ECJ) say otherwise; or unless the
> Government brings in amending legislation (unlikely, although
> possible given the communication (confidential) between the
> European Commission and the UK on the UK possibly failing to
> comply with the Directive on this (rumour has it) and other
> grounds).
>
> The UK ICO sits on the Working Party.  Opinions can be issued
> only on majority agreement.  The WP's deliberations are
> confidential, but the UK cannot have had an easy time of it.
> (Oh to be a fly on the wall: I imagine he would have voted
> against this part or abstained! But that is
> just a guess.)   I think he is left in a position that if an
> individual
> complains on facts which would not have stood up to the
> Durant, "focus" test but would pass through this test, he is
> left with no option but to
> say: sorry, can't help you, you need to go to Court to
> challenge Durant .......
>
>
>
> Renzo Marchini
> Dechert LLP
> +44 (0) 20 7184 7563 direct
> +44 (0) 20 7184 7001 fax
> [log in to unmask]
> www.dechert.com
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Nick Landau
> Sent: 16 July 2007 17:30
> To: [log in to unmask]
> Subject: Re: [data-protection] Def of Personal Data by the
> Article 29 Working Party
>
> This is actually from the
>
> EU ARTICLE 29 DATA PROTECTION WORKING PARTY
> 01248/07/EN
> WP 136
> "Opinion 4/2007 on the concept of personal data"
>
> which is originally published by the EU at
>
> http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/
> wp135_en.p
> df
>
> I would be interested as to why Statewatch have republished
> the report as
> their own rather than given a link to the EU report.
>
> Setting that aside, can someone comment on how it applies to
> Durant - for
> those of us less familiar with the case.
>
> Nick Landau
>
> Nick Landau's Profile on LinkedIn.com
> http://www.linkedin.com/in/nicklandau1
>
> The Numbers Game
> http://uk.geocities.com/nicklgreen/Nos_Game
>
> ----- Original Message -----
> From: "Chris Brogan" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Monday, July 16, 2007 11:05 AM
> Subject: Re: [data-protection] Def of Personal Data by the Article 29
> Working Party
>
>
> For those of you who don't subscribe to Statewatch I think
> you may find the following paper of interest.
> http://www.statewatch.org/news/2007/jun/wp-136.pdf
>
> I thought I might send this article to Lord Auld (Durant
> Case) but don't really have the bottle.
>
> Chris Brogan
> Managing Director
> Security International Ltd
> 130 St Johns Road, Isleworth, Middlesex TW7 6PL, UK
> Tel:  +44 20 8847 2111  Fax:  +44 20 8847 1852
> Registered in England & Wales No. 1322074
> Registered Office:  11 Loveday Road, London W13 9JT www.securitysi.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^