Overlooked - Liberty
Overlooked: Surveillance and personal privacy in modern Britain
The Data Protection Act 1998

The Data Protection Act 1998 (DPA) implements the 1995 EU Data Protection Directive [17] and regulates
the storage and use of information about individuals.

The DPA serves two principal purposes. It allows individuals to access information held on them by
a data controller by way of a ‘subject access’ request [18]. While subject access is extremely important,
it is not as relevant to this report as the other main function of the DPA, which is to set out the
framework with which any controller of personal data must comply.

The DPA sets out eight guiding principles by which all personal data must be handled. To compress
the wording of the DPA, personal data must be:
(a) fairly and lawfully processed, and in particular;
(b) processed for limited purposes, which purposes usually need to be notified to the individual
concerned;
(c) adequate, relevant and not excessive;
(d) accurate;
(e) kept for no longer than is necessary;
(f) processed in line with individuals’ rights;
(g) secure; and
(h) not transferred to countries outside the EEA and several other approved countries without
adequate protection.

Under the DPA, all personal data must be fairly and lawfully processed. “Processing” personal data
under the DPA means obtaining, recording, holding, transferring, or carrying out any operation on the
data. Whether personal data has been lawfully processed is perhaps more readily ascertainable than
whether it has been fairly processed. The DPA recognises that some types of data are particularly
sensitive and places additional obligations on anyone processing sensitive personal data [19]. The DPA
also sets out a number of exemptions which in many circumstances permit the processing of data
without the need for reference to the data protection principles. For the purposes of this work the
main exemptions are national security [20], crime and taxation [21], and journalism, literature and art [22].

[17] Directive 95/46/EC http://www.cdt.org/privacy/eudirective/EU_Directive_.html
[18] Section 7 DPA
[19] Under S.2 DPA sensitive personal data covers racial or ethnic origin of the data subject, their political opinion,
their religious or spiritual belief, whether or not they are a member of a trade union, their physical or mental
health or condition, their sexual life and the record of any alleged or actual criminal activity or sentencing
[20] Section 28 DPA
[21] Section 29 DPA
[22] Section 32 DPA