Feeds

New laws to shackle and fine the Press? We've got PLENTY already

Not just libel law, Data Protection Act is armed to the teeth too

  • alert
  • submit to reddit

High performance access to file storage

Analysis Prime Minister David Cameron has expressed "serious concerns and misgivings" over bringing in laws to underpin any new body to regulate the press.

Mr Cameron told MPs that legislation backing a regulatory body underpinned by statute would "cross the Rubicon" by writing elements of press regulation into the law for the "first time". Because of this, Mr Cameron is “not convinced at this stage that statute is necessary to achieve Lord Justice Leveson’s objectives”.

In my view the Rubicon has been already crossed and the press are already subject to a statutory framework and a statutory regulator. There is no "first time". Mr Cameron has, like President George Bush, “misspoke”; the stated reason for not implementing Leveson’s requirement - that any new press regulator should also be underpinned by statute - simply does not wash.

Firstly, the statutory framework. In the Data Protection Act (DPA) there are defined Special Purposes that can exempt certain activities from the act, and journalism is one of them. To keep this privilege in check, there is a Special Purpose enforcement mechanism, enforced by a statutory regulator - the ICO, underpinned by a statutory appeals mechanism: the tribunal system.

Although members of the press don't take much notice of the DPA because, wrongly, they think they are wholly exempt thanks to the Special Purpose proviso in Section 32 of the law, there is a regulatory structure that applies to the personal data they process.

For instance, the Seventh Principle of the act - which handles the computer security aspect of "unauthorised or unlawful processing of personal data" - is not exempt in Section 32 and fully applies to all data processing by the press.

So, if the press lost personal data relating to an exclusive exposure of a celebrity’s peccadillos after a heavy liquid lunch on expenses that are not subject to FOI requests, that security breach would be a reportable data loss under the current data protection arrangements. Such a loss could even attract a Monetary Penalty Notice (a statutory penalty) as sensitive personal data would have been lost.

In addition, the Section 32 exemption applies to personal data processed “with a view to publication”. So personal data not subject to a “view to publication” is fully subject to the act and the Section 32 exemption does not apply. For example, when the press unlawfully obtained ex-directory numbers, they had no intention to publish these numbers, so the personal data was not held "with a view to publication" and the First Principle ("personal data shall be processed fairly and lawfully") would apply fully.

Judges already wield data protection laws against journalists

Even with the Section 32 exemption the rest of the exemption was only meant to apply up to the point of publication (see Naomi Campbell*). There are numerous court cases involving judges applying the data protection principles to press activities. The point being made is that processing by the press is already subject to a statutory framework which is legally tested.

Indeed, in the post-Leveson era, one can expect that much more processing by the press will be identified as fully subject to the statutory-based DPA.

Even the existing Press Complaints Commission’s Code of Practice has statutory status under the DPA in exactly the same form as the Ofcom Broadcasting Code (originally published by the Broadcasting Standards Commission under section 107 of the Broadcasting Act 1996). Both these codes, one voluntary and the other statutory regulated, are equated by the Data Protection (Designated Codes of Practice) (No. 2) Order 2000.

The explanatory memorandum for this order states that both codes have been designated “for the purposes of section 32(3) of the Data Protection Act 1998” and that “compliance with any of the designated codes may be taken into account when considering for the purposes of section 32(1)(b) of the act whether the belief of a data controller that the publication of any journalistic, literary or artistic material would be in the public interest was reasonable”.

In other words, personal data processed by the press is subject to a detailed statutory regime, and the current Press Complaints Commission’s Code of Practice has a statutory underpinning in relation to that processing "in the public interest".

So whatever the reason for not having a statutory provision that requires the independent regulator to be created, it is not because this is a "first" attempt.

That is why my urgent telegram message to Mr Cameron is quite simple: “Rubicon crossed. Not 'first time'. Valid excuse needed". ®

Bootnotes

* Naomi Campbell v MGN Ltd. [2002] EWCA Civ 1373 (14 October 2002) (from paragraph 108); changed the status of the S.32 exemption from that debated in Parliament.

Just a thought: could the Information Commissioner have stopped the use of ex-directory numbers by the press? And for more details of Leveson’s recommendations regarding data protection, check out the Panopticon Blog.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.