Data Protection Act 1998 meaning

In this issue: Criminal procedure and evidence Proceeds of crime Appeal and judicial review Sentencing Bribery, corruption, sanctions and export controls Cybercrime and data protection offences Environmental offences Financial services and pensions offences Food safety and hygiene offences Fraud, forgery, tax and theft offences Health and safety and corporate manslaughter offences Local authority prosecutions Money laundering International LexTalk®Corporate Crime: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information Criminal procedure and evidence Court delays soar as backlogs break records Between April and June 2025, the criminal courts in England and Wales amassed an unprecedented caseload of almost 440,000, with incoming matters exceeding disposals and a system hampered by long-standing funding shortfalls. In response, the Ministry of Justice (MOJ), together with The Rt Hon David Lammy MP, confirmed extra resources to accelerate outcomes for...

How has the exemption available for controllers under the GDPR in relation to liability to compensate data subjects changed? Under the earlier Data Protection Directive 95/46/EC (Article 23(2)), where a person was entitled to damages from a controller due to unlawful processing, the controller could rely on a potential exemption if it was not responsible for the event that caused the loss. Recital 55 offered two illustrations of situations for which the controller would not bear responsibility: a mistake by the data subject, and a case of force majeure The language of these provisions lacked clarity, and the concept of ‘force majeure’ has no consistent definition across EU legal systems (it does not even carry a settled meaning in English law, depending heavily on contractual wording). Unsurprisingly, this carve-out, and the reference to force majeure, was therefore loosely carried across into national implementing legislation. For example, the Data Protection Act 1998 (DPA 1998) gave a controller a defence in claims for compensation...

In this issue: Autumn Budget 2024 Brexit highlights Brexit SIs Subsidy control and State aid Judicial review Equality and human rights Constitutional and administrative law Information law Other Public law news LexTalk®Public Law: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers New Q&As Useful information Autumn Budget 2024 Bar Council responds to Autumn Budget 2024 The Bar Council has issued its reaction to the Autumn Budget, praising the ‘overall settlement for justice’. The settlement sets a departmental expenditure limit of £13.8bn for 2025–2026 for the Ministry of Justice. The Bar Council’s Chair, Sam Townend, welcomed the uplift, describing it as an overdue move towards treating justice as a core public service. He nevertheless cautioned that the sector remains far from recovery, pointing to a 20% real-terms per person cut in justice funding since 2010. To move beyond crisis...

ARCHIVED: This archived Practice Note outlines and summarises the data protection regime in place before 25 May 2018 and describes the position under the Data Protection Act 1998 (DPA 1998). It is supplied for background purposes only and therefore is not kept up to date. The Note deals specifically with the DPA 1998’s applicability and territorial reach. When assessing whether the DPA 1998 applies, consider the following key points: the nature of the data being processed—the DPA 1998 strictly applies only to processing of personal data; other information (eg statistical material or data that does not relate to an identifiable person) is outside scope where the data controller is established—the DPA 1998 applies only to data controllers established in the UK who process personal data in the context of that establishment...

ARCHIVED: This archived Practice Note outlines the data protection framework prior to 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). It is provided for background reference only and is not maintained. Information Commissioner Under the DPA 1998, the Information Commissioner and officials at the Information Commissioner’s Office (ICO) are responsible for enforcement. The Commissioner reports directly to Parliament. promote sound practice and compliance with the DPA 1998 by data controllers publish information and provide advice produce codes of practice international co-operation: with the European Commission and supervisory authorities in other European Economic Area (EEA) states in respect of the United Kingdom’s international obligations concerning the Council of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data The ICO has issued a guide to data protection to support data controllers. The ICO website also provides numerous...

Drones ‘Drone’—also known as an ‘unmanned aircraft’—describes an aircraft without a pilot on board, operated remotely via pre-flight and in-flight programming and directed by a ground-based pilot in command, as required by current rules... remotely piloted aircraft system (RPAS) unmanned aerial vehicle (UAV) unmanned aircraft system (UAS) UAV refers to the aircraft itself and sits within the broader UAS. The remainder of the system comprises command-and-control links, sensors and/or data recording equipment, plus a computer or tablet for data storage... This Practice Note examines privacy and data protection matters linked to civilian drone use, including: Why drones give rise to data protection concerns UAS regulations The United Kingdom General Data Protection Regulation (UK GDPR) as it applies to drones Surveillance Ownership of data captured by drones Data sharing and publishing Be aware that ‘drone’ may also denote military, intelligence service, and law enforcement UAVs...

1 Definitions and interpretation 1.1 [ Include the following additional definitions in the definitions clause of the Asset purchase agreement (if required) ] Accounts Date • [ specify day and month ] 20[ specify year ]; Business • the undertaking of [ provide a description of the business being acquired ] carried on by the Seller, together with all other activities, including those ancillary, incidental to, or connected with that undertaking, as conducted by the Seller; Buyer • [ provide details ]; Completion • the finalisation of the sale and purchase of the Business through the Parties performing their respective obligations in accordance with clause [ x ]; Completion Date • [ the day on which Completion occurs OR a date no later than the [ third ] Business Day after the date on which the last of the Conditions is satisfied or waived, or the date to which Completion is deferred ] pursuant to clause [ x ]; Data Protection...

Definitions 1 In this Agreement, unless context requires otherwise, the terms and phrases below carry the meanings given: 1.1 ‘Code of Practice’ refers to the Code of Practice concerning the discharge of duties by public authorities under the Environmental Information Regulations 2004 (SI 2004/3391), issued pursuant to Regulation 16 of those Regulations, February 2005; 1.2 ‘DPA 2018’ means the Data Protection Act 2018 (2018/c.12) (as amended); 1.3 ‘EIR 2004’ means Environmental Information Regulations 2004 (SI 2004/3391) (as amended); 1.4 ‘FIA 2000’ means the Freedom of Information Act 2000 (2000/c. ...

The Freedom of Information Act 2000 (FIA 2000) and the Data Protection Act 1998 (DPA 1998) are distinct regimes, save for the overlap raised here. They otherwise operate separately from one another as a rule. FIA 2000 contains various exemptions. Those exemptions mean the kind, character or even the presence of the information need not be revealed under FIA 2000. For this scenario, the pertinent carve-out is in FIA 2000, s 40, in particular FIA 2000, ss 40(1) and 40(5)(a). Where the material amounts to personal data and the data subject seeks disclosure via FIA 2000, the exemption applies in absolute terms...

We have concentrated specifically on sections 108–110 of the Digital Economy Act 2017 (DEA 2017) and sections 132–133 of the draft Data Protection Bill 2017 (DPB 2017) for the purposes of this Q&A. Part III of the Data Protection Act 1998 (DPA 1998) obliges data controllers who handle personal data to notify the Information Commissioner of their processing for inclusion in the register maintained by the Information Commissioner’s Office (ICO). Controllers seeking to register must pay an applicable fee. For further details, consult the Data Protection (Notification and Notification Fees) Regulations 2000, SI 2000/188, and official guidance from the Information Commissioner...