Page 142 - Law and the Media
P. 142

The Data Protection Act 1998
             The right to information and access to personal information should be distinguished from the
             obligation on public bodies to provide freedom of information under the Code of Practice on
             Access to Government Information 1997 and the Freedom of Information Act 2000, both of
             which are considered in Chapter 14.


             7.2 The Data Protection Act 1998


             7.2.1 History

             The common law was slow to keep up with developments in the technology of acquiring,
             storing and processing data. Even in the 1970s it was recognized that an action in breach of
             confidence, the only realistic common law remedy, was inadequate to address the use of data
             in the computer age. The increased use of computers and, in recent years, the Internet to
             acquire and store information has made it increasingly important to protect against abuse of
             personal data.


             Domestic legislation in the United Kingdom concerning data protection has been shaped by
             European legislation. In 1984, the Data Protection Act 1984 was passed to comply with the
             provisions of the European Convention for the Protection of the Individual with regard to the
             Automatic Processing of Personal Data. In 1998, the DPA was passed in order to comply
             with the European Union’s directive on the processing of personal data and the free
             movement of such data. The majority of the DPA’s provisions came into force on 1 March
             2000, replacing the Data Protection Act 1984.



             7.2.2 General principles

             The DPA significantly extends the obligations imposed under the Data Protection Act 1984
             on ‘data controllers’. The data controller must:


                      Register with, pay a fee to and provide certain information to the Data Protection
                      Commissioner
                      Obtain and process personal data in accordance with the data protection principles
                      under the DPA.

             Information about deceased individuals is not subject to the DPA. Information about
             companies is not subject to the DPA unless named individuals are referred to as a point of
             contact.

             The DPA also extends the rights of individuals who are the subject of personal data. Such a
             person is entitled to write to the data controller asking whether any personal data concerning
             him is being processed. He is also entitled to ask the data controller to stop processing such
             information if it is causing or is likely to cause him substantial damage. He may also apply
                                                                                           105
   137   138   139   140   141   142   143   144   145   146   147