Judgment Approved by the court for handing down.
R (Bridges) -v- CC South Wales & ors
ANNEX A
LEGAL FRAMEWORK
Legislation
Data Protection Act 1998 (“DPA 1998”)
1. Section 1(1) of the DPA 1998 defined "personal data" as:
“… data which relate to a living individual who can be identified
(a) from those data, or (b) from those data and other information
which is in the possession of, or is likely to come into the
possession of, the data controller”.
2. Section 1(1) of the DPA 1998 defined "data processing" as:
“… obtaining, recording or holding the information or data or
carrying out any operation or set of operations on the information
or data” [with a range of non-exhaustive examples given].
3. Section 4(4) provided that it was:
“… the duty of a data controller to comply with the data
protection principles in relation to all personal data with respect
to which he is the data controller” [subject to section 27(1)
concerning the exemptions].
4. The data protection principles were set out in Schedule 1 to the DPA 1998:
(1) Principle 1 is that personal data shall be processed fairly and lawfully and, in
particular, shall not be “processed” at all unless it is necessary for a relevant purpose
(referred to in Schedule 2 below). In the case of the police, the relevant purposes are
the administration of justice and the exercise of any other function of a public nature
exercised in the public interest.
(2) Principle 2 is that personal data may be obtained only for lawful purposes and may
not be further “processed” in a manner incompatible with those purposes.
(3) Principle 3 is that the data must be “adequate, relevant and not excessive” for the
relevant purpose.
(4) Principle 4 is that data shall be accurate and, where necessary, kept up to date.
(5) Principle 5 is that the data may not be kept for longer than is necessary for those
purposes.
(6) Principle 6 is that personal data shall be processed in accordance with the rights of
data subjects under this Act.
(7) Principle 7 is that proper and proportionate technical and organisational measures
must be taken against the unauthorised or unlawful “processing” of the data.