![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
The development of a frontier-free internal market and of the so-called ‘information society’ have resulted in an increase in the flow of personal data between EU member states. To remove potential obstacles to such transfers, data protection legislation was introduced. One of the underpinning principles of Directive 95/46/EC is the protection of privacy. Yet, the legislation does not provide a conclusive understanding of the terms ‘privacy’ or ‘private’ data. Rather, privacy protection is to be achieved through the regulation of the conditions under which personal data may be processed. An assessment of whether, 10 years after the enactment of the Data Protection Act 1998 (DPA 1998), a coherent understanding of the concept of personal data exists, necessitated an analysis of the decisions in Durant v. FSA ([2003] EWCA Civ 1746) and CSA v. SIC ([2008] 1 WLR 1550, [2008] UKHL 47). Furthermore, in order to examine the effectiveness of the legislation, this article examines whether the term ‘personal’ is synonymous with the term ‘private’ data and whether control over processing of personal information protects privacy. By drawing on interviews with privacy and data protection experts, and from the findings of a survey of bloggers, it will be shown that a review of the assumptions and concepts underpinning the legislation is necessary.
Keywords:
Notes
Information Commissioner's Office (ICO), ‘UK Privacy Watchdog Spearheads Debate on the Future of European Privacy Law’, ICO, Wilmslow, Cheshire, 2008. Available at http://www.ico.gov.uk/upload/documents/pressreleases/2008/ico_leads_debate_070708.pdf (accessed February 25, 2009)
Durant v. FSA [2003] EWCA Crim 1746.
CSA v. SIC [2008] 1 WLR 1550, [2008] UKHL 47.
The issue has occupied the minds of scholars and jurists alike for decades. It is a common feature of any privacy analysis to start with a disclaimer about the inherent difficulty or impossibility of defining exactly what privacy is or, of dissecting the concept into its various components. While the definitions espoused by Judge Cooley, Samuel D. Warren and Louis D. Brandeis, Alan Westin have a certain intuitive appeal, none have become universally accepted.
D. Korff, ‘Comparative Study of National Laws’, EC Study on the Implementation of Data Protection Directive, 2002, http://ec.europa.eu/justice_home/fsj/privacy/docs/lawreport/consultation/univessex-comparativestudy_en.pdf
Ibid.
S. Booth, R. Jenkins, D. Moxon, N. Semmens, C. Spencer, M. Taylor and D. Townend, ‘What are “Personal Data”? A Study Conducted for the UK Information Commissioner’, 2004, http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/final_report_21_06_04.pdf
Durant v. FSA [2003] EWCA Crim 1746.
Identifiabililty was not an issue because the information in the manual files essentially comprised letters of complaint written by Mr Durant and material generated in response to his complaint.
Durant v. FSA [2003] EWCA Crim 1746, [27].
Ibid., [28]
Ibid.
Ibid.
Ibid.
See European Court of Justice decision in Bodil Lindqvist v. Kammaraklagaren (2003) C-101/01, para. 27, as referred to in para. 28 of the Durant judgment.
See Bodil Lindqvit v Kammaraklagaren (2003) C-101/01, para 27, ECJ Judgment, http://eur-lex.europa.eu/LexuriServ.do?uri=CELEX:62001J0101:EN:HTML (accessed February 25, 2009).
Art. 29 Data Protection Working Party, ‘Opinion 4/2007 on the Concept of Personal Data’, 2007, http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf)
ICO, ‘Data Protection Technical Guidance – Determining What is Personal’, v1.0, 21 August 2007, http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/personal_data_flowchart_v1_with_preface001.pdf
CSA v. SIC [2008] 1 WLR 1550, [2008] UKHL 47.
The corresponding provisions of the Freedom of Information Act 2000 are in materially the same terms and the judgment is therefore of relevance throughout the UK.
A specialist health board in Scotland which collects statistical information from other health boards.
CSA v. SIC [2008] UKHL 47 [91].
Ibid., [92].
In the interviews semi-structured questions were used. The aim was to have a discussion with the respondent so that all the themes in the interview guide were covered. Some of the themes in the interview guide were too complex for a few of the participants. For instance, statistical methodologists were not comfortable when answering questions about the specific detail of the legislation in their country.
A respondent matrix was created using quota and snowball sampling. Snowballing is an effective technique for building up a reasonable sized sample, especially when used as part of a small-scale research project (M. Denscombe, The Good Research Guide for Small Scale Social Research Projects (Milton Keynes, UK: Open University Press, 1998).
The respondents were not randomly selected but were found through a variant of the snowball-sampling strategy. Announcements for the online survey were posted to mailing lists in three universities in the UK area as well as on a few high-traffic blogs. The viral nature of blogs meant that the links to the survey page quickly spread to many other blogs and YouTube.
It is the bloggers' subjective sense of privacy and liability that is revealed. This self-disclosure approach has three important implications: (1) There can be disparities between stated privacy attitudes and actions; (2) Participants' perceptions of their blogs might differ from those of outside observers and researchers; (3) accuracy is difficult to verify, e.g. no external validation was conducted.
A.F. Westin, Privacy and Freedom (New York: Atheneum Press, 1967), 7.
BVerfGe 65, 1. ‘Volkszählungsurteil’, 1983, http://www.datenschutz-berlin.de/gesetze/sonstige/volksz.htm
BVerfGE 65, 1. ‘Volkszählung’, 1983.
Only 2% of respondents said they had ‘never’ posted anything highly personal on their blogs.
It is important to note is that a consensus of definition does not exist regarding the terms private or personal. Indeed many used the terms interchangeably.
J.C. Innes, Privacy, Intimacy, and Isolation (New York: Oxford University Press, 1992), 140.
Ibid., 58.
C. Fried, ‘Privacy’, Yale Law Journal 77, no. 3 (1968): 483.
Ibid., 477.