Feeds

What is wrong with the Data Protection Act?

FOI infraction saga hits the buffers

Secure remote control for conventional and virtual desktops

Bad news guys! I have just received my Tribunal Decision which throws out my attempt to find out what is wrong with the UK’s Data Protection Act. The decision means that 60 million data subjects and one-third of a million data controllers will not fully understand why the European Commission thinks that the UK’s implementation of Data Protection Act has been deficient since 2004. I think this is a shocking state of affairs.

The result of this decision is important for another reason. The jungle drums are increasingly beating out the message that the European Commission is thinking of enacting a new data protection regime by regulations. Will such regulations address the identified problems with the UK Act? Well, if the public doesn’t know what these problems are, then it won’t be able to judge.

I asked the Ministry of Justice (MoJ) for a summary of the information held about the infraction proceedings, because an earlier FOI request for the full detail had failed. I was hoping that (a) the summary might exist or (b) the summary information might be scattered around in emails and documents already held, and that finally, this summary would not be exempt. And thirdly, because of the House of Lords decision in CSA v SIC, I also argued a new point: even if the summary information did not exist, CSA v SIC implied that this step did not need the creation of new information*.

By contrast, the Commissioner, in his Decision Notice which has been upheld by the Tribunal, said that the summary information is only relevant to the form in which existing information is presented to the requestor. It followed that this meant that any exemption had to be applied to the full existing information as the summary was only relevant when information is to be given to the applicant. And because in my case (ie, my previous failed FOI request), the full information was still exempt, the question of providing a summary was irrelevant.

It is this view which has prevailed. However, I am disappointed that the tribunal decision did not document any rebuttal of any of the arguments I had presented. To redress this omission why I have attached the relevant arguments so that blog readers can take a look if interested (download at end). I am still of the opinion that asking for "summary information" is a valid FOI request!

FOI practitioners should read the following

What is interesting for FOI specialists is the Tribunal Decision in relation to the “time of the request”. My request was made on 1 October 2009. The MoJ did not respond till 3 February 2010 – hardly 20 working days! I immediately asked for a review which was completed on 25 August 2010 – hardly 20 working days as recommended by the ICO for the internal review period. (These are delays which the Tribunal Decision categorises as “some delay” and “less serious delay” – hardly a problem then!).

At the end of June 2010, the MoJ received a substantive response from the European Commission about the deficiencies in the Data Protection Act 1988 (and responded to them).

My question to readers with a FOI interest is as follows: if my request was made in October 2009, can the information received by the MoJ in June 2010 form part of the request, because clearly this information was not held at the time of the request?

The answer is “yes” because the internal review process had not been completed.

The Tribunal Decision relies on the Commissioner’s argument for this, but this in turn relies on just one Tribunal Decision. However, I have placed in the public domain*, a fully referenced justification of why the Tribunal came to this position which mentions several such Decisions. The Tribunal decided not to refer to this document.

The message for FOI practitioners is this: if the FOI Internal Review process gets stretched out, subsequent information relating to the request received after the time of the request might need to be included in the review and possibly disclosed to the applicant.

Concluding comment

It is interesting to note that the Tribunal, at the end of its Decision, records the fact that I am entitled to a heavily redacted summary of information held by the MoJ in June 2009.

This is, of course, was one of the arguments that I was running: namely, non-exempt, summary information exists, and can be extracted from the full, existing exempt information.

It’s a funny old inconsistent world!

References*

  • The arguments in relation to my request is here (PDF).
  • The Tribunal Decisions relating to the “time of the request” is here (PDF).
  • The Tribunal Decision Notice can be downloaded here (PDF).
  • CSA v SIC reference is: Common Services Agency v Scottish Information Commissioner ([2008] UKHL 47 [2008] 1 WLR 1550.

Note: Some details of the deficiencies in the UK Act have been published under FOI. See “Privacy: New government revelations amplify concerns surrounding deficiencies in UK’s Data Protection Act.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Build a business case: developing custom apps

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Govt control? Hah! It's IMPOSSIBLE to have a successful command economy
Even Moore's Law can't help the architects of statism now
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
New voting rules leave innocent Brits at risk of SPAM TSUNAMI
Read the paperwork very carefully - or fall victim to marketing shysters
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.