Child porn convictions to be reported to banks
Data protection amendment
Police will be able to pass details of child pornography offenders on to banks so that offenders' credit cards can be revoked.
The Home Secretary has issued an order for the amendment of the Data Protection Act which will be read in both houses of Parliament.
The order was requested by credit card issuers and is the result of three years of negotiation between the industry and the Home Office, according to a spokeswoman for issuers' organisation APACS, the UK payments association.
"We asked for this because at the moment if someone uses a card to purchase illegal pornography there is no way under data protection legislation for the Police to pass that information on to card issuers," an APACS spokeswoman said. "We already have the power to take a card from someone, but if they committed one of these offences we wouldn't know about it."
The order relates specifically to offences relating to child pornography and allows the authorities to inform a credit card issuer of the identity of someone who has used one of its cards to commit a child pornography offence.
The purpose of the order, as outlined in its explanatory note, is to change the legislation so that information about a criminal conviction or caution may be processed for the purpose of administering an account relating to the payment card (or for cancelling the payment card) used in the commission of one of the listed offences relating to indecent images of children and for which the data subject has been convicted or cautioned under the relevant legislation in England and Wales, Scotland or Northern Ireland.
Data protection expert Dr Chris Pounder of Pinsent Masons, the law firm behind OUT-LAW.COM, said the draft order was tightly enough drawn not to raise privacy concerns.
"Although the order will legitimise the processing of these sensitive personal data that does not exclude application of the other principles," said Pounder. "For example, the sensitive personal data have to be retained for no longer than is necessary and have to be relevant to the purpose. Additionally, these personal data might be subject to an enhanced security regime."
In a separate case, data protection rights were strengthened in Europe with the ruling of the European Ombudsman that a German local government violated the EU Data Protection Directive.
When the State of Hamburg handed personal information to third parties for use in direct marketing, one resident complained to the European Commission. The commission said that while Hamburg could not use the information for its own direct marketing, it could send it to third parties.
The resident took the case to the European Ombudsman, who said the commission's ruling had been too narrow. In order to avoid further action, the Ombudsman recommended that the commission review its interpretation of the directive. The commission has agreed to do so.
- Draft Data Protection (Processing of Sensitive Personal Data) Order 2006
- Explanatory Memorandum to the draft Order (2 page/23KB PDF)
- European Ombudsman's decision
Copyright © 2006, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
Sponsored: Virtualization security practical guide