Established in 1984 and updated in 1998, the Data Protection Act sets out the various rights of the people designated as data controllers, data users and data subjects, as well as general rules for dealing with data. It aims to prevent exploitation of the data subject's data.
NB:The laws mentioned here apply to Britain, although similar ones probably exist in many other countries.
The act specifies seven rights given to data subjects:
- Data subjects must be given a copy of any data held about them, and the reason it is being held, upon request. The individual must also be told how the data was obtained and to whom it may be passed.
- If the processing of the data has not previously been authorised by the data subject, and the processing is not necessary for a legal reason or to protect the data subject, then the data subject may ask that the processing stops if he deems that it will cause damage or distress.
- A data subject may ask that the processing stops if the processing is for the purpose of direct marketing.
- A data subject may ask that automated decisions made using the data are not used as the sole source of data for decision-making processes relating to him. He may also demand to be told when such decisions are made.
- If a data subject incurs losses or damage due to the illegal processing of the data, he may claim compensation. A bit of a no-brainer, this one...
- A data subject can use a court to order the data controller to correct or erase any inaccurate data pertaining to him.
- A data subject can request an inquiry into the processing of data pertaining to him to see that it is legal (as defined by the Act itself).
In addition to the rights, there are eight principles which everyone must obey:
- Personal data may be processed only when one of more of the following conditions are met:
- Personal data may only be obtained for a specified, lawful purpose and cannot be used in other way;
- The data must be relevant to the purpose specified;
- The data must be be accurate and (if applicable) up to date;
- The data must be kept for no longer than necessary;
- The data must be processed giving due attention to the rights of the Data Subject;
- Steps must be taken to ensure the safety of the data against illegal processing, theft and other loss or damage to the data.
- The data must not be transferred outside of the European Union unless the destination country has adequate laws detailing the safety of the data;
Exemptions (the bit They don't want you to notice)
Any and all
of the above condition
s do not apply if the data
is used for one or more of the purpose
s listed below
Back to Computers, the Law and You