Privacy Policies – Do I Need One?
The First Data Protection Principle – Fair and Lawful Processing
Data controllers (those people who decide the purpose for which personal data will be used – 'processed' in data protection speak) must process personal data fairly and lawfully. If a data subject (an individual whose personal data are being processed) complains that his personal data have not been processed fairly, the Information Commissioner's Office (the ICO) will look at how the personal data were obtained, and whether anyone has been misled about the purposes of the processing.
In most cases the processing will not be fair unless the data controller has informed the data subject about:
Processing personal data is unlawful unless the data controller meets one of the conditions in Schedule 2 (or in the case of sensitive personal data, Schedule 3) of the DPA. In some cases, but by no means all, that may mean obtaining the data subject’s consent.
Consent need not be in writing, but it must be active – you can’t infer consent from a lack of response, but you can infer it from an action. So, if:
The Eighth Data Protection Principle – Transferring Personal Data outside the EEA
The Fourth Data Protection Principle – Keeping Personal Data Accurate and Up-to-Date
The Sixth Data Protection Principle – Processing in accordance with the Rights of Data Subjects
If you would like further advice about any of the issues considered above please contact
Christine Reid on 01865 864195 or email her at firstname.lastname@example.org.
This article is not intended to be, and should not be taken as being, legal advice. The law often changes and it varies from jurisdiction to jurisdiction; the information in this article is generic in nature and specific legal advice should be taken before acting on any of it.
© Northwood Reid 2009. The use, copying and dissemination of this article are subject to our