UK Data Protection E-news - August 2011
- ICO publishes first private sector audit reports
- Current law fails to protect privacy
- Guernsey and Jersey consider joint DP Commissioner
- Government seeks views on a UK Bill of Rights
- Consultation on Open Data launched
- ICO consults on monetary penalties guidance
The ICO published in July and most recently on 25th August executive summaries of the inspections it carried out at Google Inc, Nationwide Building Society, and GE Money Home Lending.
Nationwide Building Society and GE Money Home Lending received high assurance audit assessments, which require just limited further improvements from the companies involved.
The ICO still has concerns over Google’s data processing. The executive summary of its audit report, published in August, says that Google provided reasonable assurance that it has implemented the privacy process changes outlined in the Undertaking. The ICO says that while improvements have been made to Google’s internal privacy structure, privacy training, awareness and privacy reviews, the risk of an incident similar to the mistaken collection of payload data by Google Street View vehicles still remains.
Google’s response, which summarises the action taken so far, is also on the ICO website.
See the executive summaries.
The Equality and Human Rights Commission’s report, Protecting Information Privacy, published on 15th August, says that the current privacy law does not stop breaches of personal data privacy. The report shows that personal data is being passed between government agencies without permission. The authors of the report, Charles Raab, Emeritus Professor at the University of Edinburgh, and Benjamin Goold, Associate Professor at the University of British Columbia, found that the agencies may be unaware that they are breaking the law as their obligations are unclear. Also, as the law has tended to develop in an irregular and largely sporadic fashion, there are substantial gaps in the information privacy protections offered to individual citizens, they say.
The Commission calls for changes to be made in the UK law. Although changes are proposed in the Protection of Freedoms Bill, they do not go far enough.
The Commission proposes that the government:
- streamlines the current legislation on information privacy
- ensures that public bodies and others have to properly justify why they need someone’s personal data and for what purpose
- makes sure that all public bodies carefully consider the impact on information privacy of any new policy or practice.
Professor Geraldine Van Bueren, an Equality and Human Rights Commissioner, said:
“It’s important that the government and its agencies have the information they need about us to do their job, for example to fight crime, or protect our health. However, the state is holding increasing amounts of information about our lives without us knowing, being able to check that it’s accurate or being able to challenge this effectively.
This needs to change so that any need for personal information has to be clearly justified by the organisation that wants it. The law and regulatory framework needs to be simplified and in the meantime public authorities need to check what data they have and that it complies with the existing laws.”
The States of Guernsey (the legislature) meeting, scheduled for 28th September, will discuss a proposal that Emma Martins, Jersey’s Data Protection Commissioner, be appointed as joint Data Protection Commissioner for both Jersey and Guernsey for the period 1st October 2011 to 30th November 2015.
This proposal has been developed in consultation with the current Data Protection Commissioners in both Guernsey (Peter Harris) and Jersey, and with their respective staff. Dr. Peter Harris’s term finishes on 30 September. The Home Department says that it is no longer necessary to have in place a full-time commissioner as ‘the law has now been introduced and implemented’.
See pages 1573 to 1584 on this joint commissioner proposal and the Guersey’s Data Protection Commissioner’s Annual Report for 2010 at pages 1714 – 1756.
The government-appointed Commission on a Bill of Rights is currently consulting on whether the UK needs a Bill of Rights, which could also enhance a right to privacy. The discussion paper, issued on 5 August, poses the following questions:
(1) do you think the UK needs a Bill of Rights?
(2) what do you think a UK Bill of Rights should contain?
(3) how do you think it should apply to the UK as a whole, including its four component countries of England, Northern Ireland, Scotland and Wales?
(4) having regard to our terms of reference, are there any other views which you would like to put forward at this stage?
Responses are sought by 11 November 2011. Please send your views to: firstname.lastname@example.org
See the discussion paper.
The Cabinet Office has today launched a consultation on the government’s Open Data initiative which aims to provide more freely available data for anyone’s use and redistribution. The presumption is that data about public services will be Open Data. Some data may be charged for. The government is now asking about the tests which should be applied when deciding to make a dataset available. Data protection concerns arise, for example, with the publication of crime statistics.
An independent review of privacy and transparency by Dr Kieron O’Hara of Southampton University is due to be published later this summer. The Information Commissioner, Christopher Graham, said: “I welcome this further initiative towards greater accountability and transparency. The Information Commissioner’s Office stands for openness by public bodies and data privacy for individuals. The information rights regime needs to adapt to the new realities of the digital world, both the demands and the possibilities. We have been working with the Cabinet Office and the Ministry of Justice and will be responding to the consultation.”
Deadline for responses is 27 October 2011. The consultation will be followed by a White Paper to firm up the proposals.
The ICO is currently seeking stakeholders’ views on the revision of its statutory guidance on monetary penalties under section 55C (1) of the Data Protection Act. This is due to the ICO having received additional powers to issue monetary penalty notices for serious breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003. The consultation runs until 27 September.
The consultation is here.
Copyright Privacy Laws & Business 2011