Data Protection Systems in the European Union: The UK Experience
The objective of this chapter is to analyse the UK data protection system in order to allow a comparative exercise with the experience of the other two selected EU Member States (France and Italy), with an eye towards possible improvements of the EU Data
- PDF / 464,796 Bytes
- 41 Pages / 439.36 x 666.15 pts Page_size
- 22 Downloads / 210 Views
Data Protection Systems in the European Union: The UK Experience
Apart from the common issues which will be equally analysed in Chaps. 3, 4 and 5, other issues will be the focus of analysis here: the scope of consent and data protection principles, because the way they are dealt with by the UK Data Protection Framework differ—to a larger or small extent—from the provisions contained in Directive 95/46/EC. The United Kingdom (UK) adopted its first data protection legislation in 1984— the Data Protection Act 1984.1 However, as a consequence of Directive 95/46/EC, it had to adopt a new piece of legislation which is currently in force, the Data Protection Act 1998 (hereinafter UK Act),2 which will be the main focus of this chapter. The UK Act is divided into eight data protection principles. These principles are: (a) processing personal data fairly and lawfully; (b) processing personal data for specified purposes; (c) the amount of personal data one may hold; (d) keeping personal data accurate and up to date; (e) retaining personal data; (f) the rights of individuals; (g) information security; (h) sending personal data outside the European Economic Area.3 As will be seen in the following sections, there are considerable differences between the approaches adopted in the UK and in the other selected EU Member States, not only in terms of legislation, but also regarding the interpretation of the rules and the practice, what leads to different outcomes when analysing similar issues. 1
See http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1984/cukpga 19840035 en 1. Accessed 28 January 2010. 2 Available at http://www.opsi.gov.uk/acts/acts1998/ukpga 19980029 en 1. Accessed 28 January 2010. See Information Commissioner’s Office. Data Protection Act 1998: Legal Guidance. Available at http://www.ico.gov.uk/upload/documents/library/data protection/detailed specialist guides/data protection act legal guidance.pdf. Accessed 5 February 2010. P. 6. “The Data Protection Act 1998 (“the Act”) gives effect in the UK law to EC Directive 95/46/EC (the “Directive”). The Act replaces the Data Protection Act 1984 (the “1984 Act”) and was brought into force on 1 March 2000.” 3 Information Commissioner’s Office. The Guide to Data Protection. Op. cit. P. 41. M. Viola de Azevedo Cunha, Market Integration Through Data Protection, Law, Governance and Technology Series 9, DOI 10.1007/978-94-007-6085-1 4, © Springer ScienceCBusiness Media Dordrecht 2013
101
102
4 Data Protection Systems in the European Union: The UK Experience
4.1 The Data Protection Authority: The Role of the UK Information Commissioner The Data Protection Act 1998 transformed the former Data Protection Registrar into the Data Protection Commissioner, which, subsequently to the entry into force of the Freedom of Information Act 2000, became the Information Commissioner (hereinafter ICO).4 The ICO, in addition to the powers conferred by the Data Protection Act, also has powers conferred by the Freedom of Information Act, the Privacy and Electronic Communications Regulations an
Data Loading...
