UK Law

Data

Data in United Kingdom

Diversity data in relation with the Courts and Tribunals in England

The Judicial Appointments Commission (JAC), a non-departmental public body, publishes a bulletin of Official Statistics, covering the diversity profile of selection exercises twice a year. The period 1 April 2014 to 30 September is published in December and the period 1 October to 31 March is published in June.

Data Protection Act 1998 (DPA)

The DPA is the main piece of legislation which protects personal data in the UK. Anyone who processes personal data is obligated to comply with the Act. The Act defines 8 data protection principles. If you have questions about your obligations under the DPA, you should speak to your Information Asset Owner (IAO) or Data Protection Office (DPO).

Alternatively, you can consult the UK Information Commissioner’s Office (ICO) guidance (ico.org.uk). The guide is for those who have day-to-day responsibility for data protection. It explains the purpose and effect of each principle, gives practical examples and answers frequently asked questions. It also contains specialist topics including CCTV, employment and data sharing.

The DPA is based on the 1995 European Union Data Protection Directive. The EU has just passed a new General Data Protection Regulation (GDPR) which increases individuals’ rights and imposes further obligations on organisations processing personal data. The GDPR will come into force in May 2018. Even though the UK is leaving the EU it is likely that we will have to comply with the GDPR to ensure we have an adequate level of protection for processing EU citizens’ personal data.

Data protection principles

Schedule 1 to the Data Protection Act lists the data protection principles in the following terms:

  • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Personal data shall be processed in accordance with the rights of data subjects under this Act. (this principle includes the following topics: Subject access request, Damage or distress, Preventing direct marketing, Automated decision taking, Correcting inaccurate personal data and Compensation).
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Re-use of Public Sector Information Regulations 2015

The EU Directive on the Re-use of Public Sector Information, adopted by the European Union in June 2013, was implemented and transposed into UK law as the Re-use of Public Sector Regulations 2015.

The Public Sector Information Regulations cover any information a public sector body:

  • produces, holds or disseminates within its public task, and
  • holds the copyright for.

Under the regulations, public sector bodies should make their information available for re-use under an open licence at marginal cost. Marginal cost in most cases will be nil. The legislation specifies exceptions to the marginal cost default, for example trading funds. In such cases, public sector bodies may charge re-users to cover the costs of collection, production, reproduction and dissemination of information, together with a reasonable return on their investment.

In Scotland

The Open Data Strategy supports a wider legislative initiative which has been designed to get public sector organisations across Europe releasing their data on a regular basis.

The strategy recognises and supports the duties placed on organisations under access to information legislation in Scotland. Whilst the Open Data Strategy encourages the proactive release of data in a manner currently beyond that required by legislation, legislation in this area can change over time. The key pieces of legislation from Scotland are the following:

  • Freedom of Information (Scotland) Act 2002
  • Environmental Information (Scotland) Regulations 2004
  • INSPIRE (Scotland) Regulations 2009

Posted

in

, , , ,

by

B. Hepple

Tags:

, , , ,

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *