This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found in the General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner and Bodil Lindqvist. It looks at the geographical scope of the GDPR and the extraterritorial effect of the Regulation, and examines the domestic purposes exemption after Ryneš.
Chapter
The notion that data controllers should comply with a set of general data protection principles has been a feature of data protection statutes from the earliest days. As well as imposing obligations on controllers, the principles also confer rights – most notably relating to subject access on data subjects. This chapter will consider the scope and extent of the principles paying particular attention to the requirement that personal data be processed fairly and lawfully. A topic of more recent interest relates to the length of time for which data may be held and made available to third parties. Often referred to as involving the “right to be forgotten”, this is especially relevant to the operation of search engines which make it easy for users to find news stories what would have passed into obscurity in previous eras. The chapter considers also at the operation of the principle requiring users to adopt appropriate security measures against unauthorized access, a topic which is of particular relevance given recent and well publicised large-scale cyber-attacks.
Chapter
This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found, post Brexit in the UK General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner, the Facebook fan page case, and Bodil Lindqvist. It looks at the geographical scope of UK GDPR and the extra-territorial effect of the Regulation and examines the domestic purposes exemption after Ryneš. It examines questions of fairness and lawfulness of processing as discussed in Johnson v Medical Defence Union.
