Automatic Number Plate Recognition allows a vehicle to be tracked to its registered keeper. It is clearly a form of identifier linking a car and its movements with a specific individual. It is that person’s personal data. But could it be the personal data of other people as well – such as passengers in the car? Continue reading
The GDPR is to become law in the UK
So sayeth Secretary of State Karen Bradley MP in her evidence to the Culture, Media, and Sports Select Committee on Monday 24th October 2016. In fact, her precise words were: ‘We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public’ (see here). This statement has since been welcomed by Elizabeth Denham, as reflected on the ICO’s blog. Continue reading
Whose Article 10 rights – the journalist or the confidential source?
Does a media corporation breach a source’s article 10 rights by voluntarily disclosing their identity to the police? Is source confidentiality lost by criminal conduct? These are the questions that the Court of Appeal had to grapple with in the appeal against conviction brought by former prison officer Robert Norman.
Environmental information: the exception for ‘proceedings of public authorities’
The Environmental Information Regulations 2004 contain an exception from the duty to disclose information where disclosure would adversely affect “the confidentiality of the proceedings of that or any other public authority where such confidentiality is provided by law” (regulation 12(5)(d)). There is an equivalent provision in Directive 2003/4/EC. What is meant by the “proceedings” of a public authority? Continue reading
Anonymous information, or personal data? Keys, chains and IP addresses
If you work in data protection, I bet you love questions like this:
I have some information which looks anonymous – but is it nonetheless ‘personal data’? (If it is, it saddles me with plenty of otherwise inapplicable legal duties blah moan). The test is whether there is a realistic prospect of someone being identified, but how do I apply that test? How do I tell whether the risk of someone being identified from this apparently anonymous information is sufficiently high?
And I bet you especially love questions like this:
I have some information which is anonymous in my hands: it would be absolutely impossible for me to identify anyone from this information. But someone else could – there is someone else who has the key which can unlock the identities behind this apparently anonymous (or pseudonymised) data. What now? Is it personal data or not? Continue reading
Ingenuous but not Ingenious: Confidentiality in the Supreme Court
In 2012 HMRC’s then Permanent Secretary for Tax, Dave Hartnett, had an ‘off the record’ (but audio-recorded) meeting with two Times financial journalists, intended as a background briefing on tax avoidance. One topic of discussion was film investment schemes, designed to utilise tax relief for film production partnerships. Mr Hartnett made a number of comments about one agency, Ingenious Media, and its founder Patrick McKenna, including that Mr McKenna had “never left [Mr Hartnett’s] radar”, that “he’s a big risk”, that HMRC “would like to recover lots of the tax relief” from Ingenious’ schemes and that “we’ll clean up on film schemes over the next few years”. Continue reading