Evaluation of Data Protection Act
Essay by Deric Wong • May 10, 2017 • Essay • 980 Words (4 Pages) • 1,032 Views
In advising Jon with regards to his rights and remedies under the Data Protection Act 1998, this article will first look at a brief introduction of the 1998 Act, followed by the importance of data processing, and the rights and remedies available to Jon. Firstly, the 1998 Act was introduced and enacted to meet the requirements of the European Union’s Data Protection Directive 95/46/EC. The Directive lays down basic principles and rules, which are then given effect in the domestic legislation of each Member States of the European Union. The 1998 Act regulates the processing of personal information of individuals. In fact, it is broad and applies to obtaining, holding, using or disclosing this personal information. Section 1 of the Act lays down eight principles that regulate how personal data should be handled, which are “based on the premise of compliance with principles of good data management”. Under the 1998 Act, three parties are made subject of the Act namely, Data Subjects, Data Processor, and Data Controller. In this case, Instagram would be regarded as data controller, as the company holds and processes personal data. It must be noted that s.4(4) of the 1998 Act requires the data controller to comply with the data protection principles in relation to all personal data.
For data to be classified as personal data, the data must relate to a living individual who can be identified from the data or is likely to come into, the possession of the data controller. The Court of Appeal judgment in the case of Durant considered the meaning of “personal data” in the DPA. The Court considered the fact that data may be associated with an individual’s name was not sufficient to make it personal. Two additional factors are required, which are the information should be “biographical in a significant sense”, and that the data should not include a merely incidental reference to the data subject, it must affect the data subject’s “privacy, whether in his person or family life, business or professional capacity”. The DPA covers all personal data, be it electronically or physically. Specific provision is made under the 1998 Act for processing sensitive personal information. These may include, for example, Jon’s racial or ethnic origin, political opinions, or even his personal sexual life. In fact, it was held in the case of Edem that a person’s name constitutes personal data unless the name is so common that without further information, such as its use in a work context, a person would remain unidentifiable despite its disclosure.
The case of Lindqvist regarding data protection is of great importance as it clarifies to individuals and organisations that personal data is protected and no one can use it without prior authorization. This can be seen as a useful warning given by the court to those interested in using and accessing data, without any right or consent. Article 7 of the Charter of Fundamental Rights which focuses on primarily individual autonomy provides that ‘Everyone has the right to respect for his or her private and family life, home and communications’. It is worth noting that Article 7 corresponds to Article 8 of the European Convention on Human Rights (ECHR), the right to respect for private and family life. The case of Malone recognized that the applicant’s right to be left alone, is inherent in Article 8 of the ECHR, and that this is an essential object of Article 8. Besides, Article 8 of the ECHR also confers positive obligation on the State
...
...