|
|
 |
|
 |
Data Protection Act 1984
| | |
|
| An Act to regulate the use of automatically processed information relating to individuals and the provision of services in respect of such information. | |
|
|
| | |
|
| Be it enacted by the Queen’s most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same, as follows:— | |
|
|
| | |
|
| Definition of “data” and related expressions. | |
|
|
| | |
|
| (1) The following provisions shall have effect for the interpretation of this Act. | |
|
|
| | |
|
| (2) “Data” means information recorded in a form in which it can be processed by equipment operating automatically in response to instructions given for that purpose. | |
|
|
| | |
|
| (3) “Personal data” means data consisting of information which relates to a living individual who can be identified from that information (or from that and other information in the possession of the data user), including any expression of opinion about the individual but not any indication of the intentions of the data user in respect of that individual. | |
|
|
| | |
|
| (4) “Data subject” means an individual who is the subject of personal data. | |
|
|
| | |
|
| (5) “Data user” means a person who holds data, and a person “holds” data if— | |
|
|
| | |
|
| (6) A person carries on a “computer bureau” if he provides other persons with services in respect of data, and a person provides such services if— | |
|
|
| | |
|
| (7) “Processing”, in relation to data, means amending, augmenting, deleting or re-arranging the data or extracting the information constituting the data and, in the case of personal data, means performing any of those operations by reference to the data subject. | |
|
|
| | |
|
| (9) “Disclosing”, in relation to data, includes disclosing information extracted from the data; and where the identification of the individual who is the subject of personal data depends partly on the information constituting the data and partly on other information in the possession of the data user, the data shall not be regarded as disclosed or transferred unless the other information is also disclosed or transferred. | |
|
|
| | |
|
| The data protection principles. | |
|
|
| | |
|
| (2) The first seven principles apply to personal data held by data users and the eighth applies both to such data and to personal data in respect of which services are provided by persons carrying on computer bureaux. | |
|
|
| | |
|
| (3) The Secretary of State may by order modify or supplement those principles for the purpose of providing additional safeguards in relation to personal data consisting of information as to— | |
|
|
| | |
|
| and references in this Act to the data protection principles include, except where the context otherwise requires, references to any modified or additional principle having effect by virtue of an order under this subsection. | |
|
|
| | |
|
| The Registrar and the Tribunal. | |
|
|
| | |
|
| (1) For the purposes of this Act there shall be— | |
|
|
| | |
|
| (2) The Registrar shall be appointed by Her Majesty by Letters Patent. | |
|
|
| | |
|
| (3) The Tribunal shall consist of— | |
|
|
| | |
|
| (6) Schedule 2 to this Act shall have effect in relation to the Registrar and the Tribunal. | |
|
|
| | |
|
| Part II
Registration and Supervision of Data Users and
Computer Bureaux | |
|
|
| | |
|
| Registration of data users and computer bureaux. | |
|
|
| | |
|
| (1) The Registrar shall maintain a register of data users who hold, and of persons carrying on computer bureaux who provide services in respect of, personal data and shall make an entry in the register in pursuance of each application for registration, accepted by him under this Part of this Act. | |
|
|
| | |
|
| (2) Each entry shall state whether it is in respect of a data user, of a person carrying on a computer bureau or of a data user who also carries on such a bureau. | |
|
|
| | |
|
| (3) Subject to the provisions of this section, an entry in respect of a data user shall consist of the following particulars— | |
|
|
| | |
|
| (4) Subject to the provisions of this section, an entry in respect of a person carrying on a computer bureau shall consist of that person’s name and address. | |
|
|
| | |
|
| (5) Subject to the provisions of this section, an entry in respect of a data user who also carries on a computer bureau shall consist of his name and address and, as respects the personal data to be held by him, the particulars specified in subsection (3)(b) to (f) above. | |
|
|
| | |
|
| (8) The Secretary of State may by order vary the particulars to be included in entries made in the register. | |
|
|
| | |
|
| Prohibition of unregistered holding etc. of personal data. | |
|
|
| | |
|
| (1) A person shall not hold personal data unless an entry in respect of that person as a data user, or as a data user who also carries on a computer bureau, is for the time being contained in the register. | |
|
|
| | |
|
| (2) A person in respect of whom such an entry is contained in the register shall not— | |
|
|
| | |
|
| (4) A person shall not, in carrying on a computer bureau, provide services in respect of personal data unless an entry in respect of that person as a person carrying on such a bureau, or as a data user who also carries on such a bureau, is for the time being contained in the register. | |
|
|
| | |
|
| Applications for registration and for amendment of registered particulars. | |
|
|
| | |
|
| (1) A person applying for registration shall state whether he wishes to be registered as a data user, as a person carrying on a computer bureau or as a data user who also carries on such a bureau, and shall furnish the Registrar, in such form as he may require, with the particulars required to be included in the entry to be made in pursuance of the application. | |
|
|
| | |
|
| (2) Where a person intends to hold personal data for two or more purposes he may make separate applications for registration in respect of any of those purposes. | |
|
|
| | |
|
| (3) A registered person may at any time apply to the Registrar for the alteration of any particulars included in the entry or entries relating to that person. | |
|
|
| | |
|
| (6) Any person who, in connection with an application for registration or for the alteration of registered particulars, knowingly or recklessly furnishes the Registrar with information which is false or misleading in a material respect shall be guilty of an offence. | |
|
|
| | |
|
| (7) Every application for registration shall be accompanied by the prescribed fee, and every application for the alteration of registered particulars shall be accompanied by such fee, if any, as may be prescribed. | |
|
|
| | |
|
| (8) Any application for registration or for the alteration of registered particulars may be withdrawn by notice in writing to the Registrar at any time before the applicant receives a notification in respect of the application undersection 7(1) below. | |
|
|
| | |
|
| Acceptance and refusal of applications. | |
|
|
| | |
|
| (1) Subject to the provisions of this section, the Registrar shall as soon as practicable and in any case within the period of six months after receiving an application for registration or for the alteration of registered particulars notify the applicant in writing whether his application has been accepted or refused; and where the Registrar notifies an applicant that his application has been accepted the notification shall contain a statement of— | |
|
|
| | |
|
| (4) Where the Registrar refuses an application under this section he shall give his reasons and inform the applicant of the rights of appeal conferred by section 13 below. | |
|
|
| | |
|
| Duration and renewal of registration. | |
|
|
| | |
|
| (1) No entry shall be retained in the register after the expiration of the initial period of registration except in pursuance of a renewal application made to the Registrar in accordance with this section. | |
|
|
| | |
|
| (3) The person making an application for registration or a renewal application may in his application specify as the initial period of registration or, as the case may be, as the renewal period, a period shorter than that prescribed, being a period consisting of one or more complete years. | |
|
|
| | |
|
| (4) Where the Registrar notifies an applicant for registration that his application has been accepted the notification shall include a statement of the date when the initial period of registration will expire. | |
|
|
| | |
|
| (5) Every renewal application shall be accompanied by the prescribed fee, and no such application shall be made except in the period of six months ending with the expiration of— | |
|
|
| | |
|
| (6) Any renewal application may be sent by post, and the Registrar shall acknowledge its receipt and notify the applicant in writing of the date until which the entry in question will be retained in the register in pursuance of the application. | |
|
|
| | |
|
| (7) Without prejudice to the foregoing provisions of this section, the Registrar may at any time remove an entry from the register at the request of the person to whom the entry relates. | |
|
|
| | |
|
| Inspection etc. of registered particulars. | |
|
|
| | |
|
| (1) The Registrar shall provide facilities for making the information contained in the entries in the register available for inspection (in visible and legible form) by members of the public at all reasonable hours and free of charge. | |
|
|
| | |
|
| (2) The Registrar shall, on payment of such fee, if any, as may be prescribed, supply any member of the public with a duly certified copy in writing of the particulars contained in the entry made in the register in pursuance of any application for registration. | |
|
|
| | |
|
| (1) If the Registrar is satisfied that a registered person has contravened or is contravening any of the data protection principles he may serve him with a notice (“an enforcement notice”) requiring him to take, within such time as is specified in the notice, such steps as are so specified for complying with the principle or principles in question. | |
|
|
| | |
|
| (2) In deciding whether to serve an enforcement notice the Registrar shall consider whether the contravention has caused or is likely to cause any person damage or distress. | |
|
|
| | |
|
| (3) An enforcement notice in respect of a contravention of the fifth data protection principle may require the data user— | |
|
|
| | |
|
| (5) An enforcement notice shall contain— | |
|
|
| | |
|
| (8) The Registrar may cancel an enforcement notice by written notification to the person on whom it was served. | |
|
|
| | |
|
| (9) Any person who fails to comply with an enforcement notice shall be guilty of an offence; but it shall be a defence for a person charged with an offence under this subsection to prove that he exercised all due diligence to comply with the notice in question. | |
|
|
| | |
|
| (1) If the Registrar is satisfied that a registered person has contravened or is contravening any of the data protection principles he may— | |
|
|
| | |
|
| (2) In deciding whether to serve a de-registration notice the Registrar shall consider whether the contravention has caused or is likely to cause any person damage or distress, and the Registrar shall not serve such a notice unless he is satisfied that compliance with the principle or principles in question cannot be adequately secured by the service of an enforcement notice. | |
|
|
| | |
|
| (3) A de-registration notice shall contain— | |
|
|
| | |
|
| (6) The Registrar may cancel a de-registration notice by written notification to the person on whom it was served. | |
|
|
| | |
|
| (7) References in this section to removing any particulars include references to restricting any description which forms part of any particulars. | |
|
|
| | |
|
| Transfer prohibition notices. | |
|
|
| | |
|
| (1) If it appears to the Registrar that— | |
|
|
| | |
|
| (2) Where the place to which the data are to be transferred is not in a State bound by the European Convention the Registrar must be satisfied that the transfer is likely to contravene, or lead to a contravention of, any of the data protection principles. | |
|
|
| | |
|
| (3) Where the place to which the data are to be transferred is in a State bound by the European Convention the Registrar must be satisfied either— | |
|
|
| | |
|
| (4) In deciding whether to serve a transfer prohibition notice the Registrar shall consider whether the notice is required for preventing damage or distress to any person and shall have regard to the general desirability of facilitating the free transfer of data between the United Kingdom and other states and territories. | |
|
|
| | |
|
| (5) A transfer prohibition notice shall specify the time when it is to take effect and contain— | |
|
|
| | |
|
| (8) The Registrar may cancel a transfer prohibition notice by written notification to the person on whom it was served. | |
|
|
| | |
|
| (9) No transfer prohibition notice shall prohibit the transfer of any data where the transfer of the information constituting the data is required or authorised by or under any enactment or required by any convention or other instrument imposing an international obligation on the United Kingdom. | |
|
|
| | |
|
| (10) Any person who contravenes a transfer prohibition notice shall be guilty of an offence; but it shall be a defence for a person charged with an offence under this subsection to prove that he exercised all due diligence to avoid a contravention of the notice in question. | |
|
|
| | |
|
| (11) For the purposes of this section a place shall be treated as in a State bound by the European Convention if it is in any territory in respect of which the State is bound. | |
|
|
| | |
|
| (1) A person may appeal to the Tribunal against— | |
|
|
| | |
|
| Determination of appeals. | |
|
|
| | |
|
| the Tribunal shall allow the appeal or substitute such other decision or notice as could have been made or served by the Registrar; and in any other case the Tribunal shall dismiss the appeal. | |
|
|
| | |
|
| (2) The Tribunal may review any determination of fact on which the refusal or notice in question was based. | |
|
|
| | |
|
| (5) Any party to an appeal to the Tribunal may appeal from the decision of the Tribunal on a point of law to the appropriate court; and that court shall be— | |
|
|
| | |
|
| Miscellaneous and supplementary | |
|
|
| | |
|
| Unauthorised disclosure by computer bureau. | |
|
|
| | |
|
| (1) Personal data in respect of which services are provided by a person carrying on a computer bureau shall not be disclosed by him without the prior authority of the person for whom those services are provided. | |
|
|
| | |
|
| (3) Any person who knowingly or recklessly contravenes this section shall be guilty of an offence. | |
|
|
| | |
|
| Powers of entry and inspection. | |
|
|
| | |
|
| 16. Schedule 4 to this Act shall have effect for the detection of offences under this Act and contraventions of the data protection principles. | |
|
|
| | |
|
| Disclosure of information. | |
|
|
| | |
|
| (1) No enactment or rule of law prohibiting or restricting the disclosure of information shall preclude a person from furnishing the Registrar or the Tribunal with any information necessary for the discharge of their functions under this Act. | |
|
|
| | |
|
| (2) For the purposes of section 2 of the Official Secrets Act 1911 (wrongful communication of information)— | |
|
|
| | |
|
| shall be deemed to hold office under Her Majesty. | |
|
|
| | |
|
| (1) Any notice notification authorised or required by this Act to be served on or given to any person by the Registrar may— | |
|
|
| | |
|
| (3) This section is without prejudice to any other lawful method of serving or giving a notice or notification. | |
|
|
| | |
|
| Prosecutions and penalties. | |
|
|
| | |
|
| (1) No proceedings for an offence under this Act shall be instituted— | |
|
|
| | |
|
| Liability of directors etc. | |
|
|
| | |
|
| (1) Where an offence this Act has been committed by a body corporate and is proved to have been committed with the consent or connivance of or to be attributable to any neglect on the part of any director, manager, secretary or similar officer of the body corporate or any person who was purporting to act in any such capacity, he as well as the body corporate shall be guilty of that offence and be liable to be proceeded against and punished accordingly. | |
|
|
| | |
|
| Part III
Rights of Data Subjects | |
|
|
| | |
|
| Right of access to personal data. | |
|
|
| | |
|
| (1) Subject to the provisions of this section, an individual shall be entitled— | |
|
|
| | |
|
| (3) In the case of a data user having separate entries in the register in respect of data held for different purposes a separate request must be made and a separate fee paid under this section in respect of the data to which each entry relates. | |
|
|
| | |
|
| (4) A data user shall not be obliged to comply with a request under this section— | |
|
|
| | |
|
| (7) The information to be supplied pursuant to a request under this section shall be supplied by reference to the data in question at the time when the request is received except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request. | |
|
|
| | |
|
| (8) If a court is satisfied on the application of any person who has made a request under the foregoing provisions of this section that the data user in question has failed to comply with the request in contravention of those provisions, the court may order him to comply with the request; but a court shall not make an order under this subsection if it considers that it would in all the circumstances be unreasonable to do so, whether because of the frequency with which the applicant has made requests to the data user under those provisions or for any other reason. | |
|
|
| | |
|
| (9) The Secretary of State may by order provide for enabling a request under this section to be made on behalf of any individual who is incapable by reason of mental disorder of managing his own affairs. | |
|
|
| | |
|
| Compensation for inaccuracy. | |
|
|
| | |
|
| (1) An individual who is the subject of personal data held by a data user and who suffers damage by reason of the inaccuracy of the data shall be entitled to compensation from the data user for that damage and for any distress which the individual has suffered by reason of the inaccuracy. | |
|
|
| | |
|
| (3) In proceedings brought against any person by virtue of this section it shall be a defence to prove that he had taken such care as in all the circumstances was reasonably required to ensure the accuracy of the data at the material time. | |
|
|
| | |
|
| (4) Data are inaccurate for the purposes of this section if incorrect or misleading as to any matter of fact. | |
|
|
| | |
|
| Compensation for loss or unauthorised disclosure. | |
|
|
| | |
|
| (1) An individual who is the subject of personal data held by a data user or in respect of which services are provided by a person carrying on a computer bureau and who suffers damage by reason of— | |
|
|
| | |
|
| shall be entitled to compensation from the data user or, as the case may be, the person carrying on the bureau for that damage and for any distress which the individual has suffered by reason of the loss, destruction, disclosure or access. | |
|
|
| | |
|
| (3) In proceedings brought against any person by virtue of this section it shall be a defence to prove that he had taken such care as in all the circumstances was reasonably required to prevent the loss, destruction, disclosure or access in question. | |
|
|
| | |
|
| Rectification and erasure. | |
|
|
| | |
|
| (3) If a court is satisfied on the application of a data subject— | |
|
|
| | |
|
| the court may order the erasure of the data; but, in the case of data in respect of which services were being provided by a person carrying on a computer bureau, the court shall not make such an order unless such steps as are reasonably practicable have been taken for notifying the person for whom those services were provided and giving him an opportunity to be heard. | |
|
|
| | |
|
| Jurisdiction and procedure. | |
|
|
| | |
|
| (2) In this Part of this Act “the subject access provisions” means— | |
|
|
| | |
|
| (3) In this Part of this Act “the non-disclosure provisions” means— | |
|
|
| | |
|
| (4) Except as provided by this Part of this Act the subject access provisions shall apply notwithstanding any enactment or rule of law prohibiting or restricting the disclosure, or authorising the withholding, of information. | |
|
|
| | |
|
| (5) A document purporting to be such a certificate as is mentioned in this section shall be received in evidence and deemed to be such a certificate unless the contrary is proved. | |
|
|
| | |
|
| (6) The powers conferred by this section on a Minister of the Crown shall not be exercisable except by a Minister who is a member of the Cabinet or by the Attorney General or the Lord Advocate. | |
|
|
| | |
|
| (1) Personal data held for any of the following purposes— | |
|
|
| | |
|
| are exempt from the subject access provisions in any case in which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in this subsection. | |
|
|
| | |
|
| are exempt from the subject access provisions to the same extent as personal data held for any of the purposes mentioned in that subsection. | |
|
|
| | |
|
| (3) Personal data are exempt from the non-disclosure provisions in any case in which— | |
|
|
| | |
|
| (1) The Secretary of State may by order exempt from the subject access provisions, or modify those provisions in relation to, personal data consisting of information as to the physical or mental health of the data subject. | |
|
|
| | |
|
| (2) The Secretary of State may by order exempt from the subject access provisions, or modify those provisions in relation to, personal data of such other descriptions as may be specified in the order, being information— | |
|
|
| | |
|
| but the Secretary of State shall not under this subsection confer any exemption or make any modification except so far as he considers that the application to the data of those provisions (or of those provisions without modification) would be likely to prejudice the carrying out of social work. | |
|
|
| | |
|
| (3) An order under this section may make different provision in relation to data consisting of information of different descriptions. | |
|
|
| | |
|
| Regulation of financial services etc. | |
|
|
| | |
|
| (1) Personal data held for the purpose of discharging statutory functions to which this section applies are exempt from the subject access provisions in any case in which the application of those provisions to the data would be likely to prejudice the proper discharge of those functions. | |
|
|
| | |
|
| (2) This section applies to any functions designated for the purposes of this section by an order made by the Secretary of State, being functions conferred by or under any enactment appearing to him to be designed for protecting members of the public against financial loss due to dishonesty, incompetence or malpractice by persons concerned in the provision of banking, insurance, investment or other financial services or in the management of companies or to the conduct of discharged or undischarged bankrupts. | |
|
|
| | |
|
| Judicial appointments and legal professional privilege. | |
|
|
| | |
|
| (1) Personal data held by a government department are exempt from the subject access provisions if the data consist of information which has been received from a third party and is held as information relevant to the making of judicial appointments. | |
|
|
| | |
|
| (2) Personal data are exempt from the subject access provisions if the data consist of information in respect of which a claim to legal professional privilege (or, in Scotland, to confidentiality as between client and professional legal adviser) could be maintained in legal proceedings. | |
|
|
| | |
|
| (5) In this section “remuneration” includes remuneration in kind and “pensions” includes gratuities or similar benefits. | |
|
|
| | |
|
| Domestic or other limited purposes. | |
|
|
| | |
|
| (1) Personal data held by an individual and concerned only with the management of his personal, family or household affairs or held by him only for recreational purposes are exempt from the provisions of Part II of this Act and of sections 21 to 24 above. | |
|
|
| | |
|
| (6) Personal data held only for— | |
|
|
| | |
|
| are exempt from the subject access provisions; but it shall be a condition of that exemption that the data are not used or disclosed for any other purpose and that the resulting statistics or the results of the research are not made available in a form which identifies the data subjects or any of them. | |
|
|
| | |
|
| (2) The Secretary of State may by order exempt from the subject access provisions personal data consisting of information the disclosure of which is prohibited or restricted by or under any enactment if he considers that the prohibition or restriction ought to prevail over those provisions in the interests of the data subject or of any other individual. | |
|
|
| | |
|
| (3) Where all the personal data relating to a data subject held by a data user (or all such data in respect of which a data user has a separate entry in the register) consist of information in respect of which the data subject is entitled to make a request to the data user under section 158 of the Consumer Credit Act 1974 (files of credit reference agencies)— | |
|
|
| | |
|
| (4) Personal data are exempt from the subject access provisions if the data are kept only for the purpose of replacing other data in the event of the latter being lost, destroyed or impaired. | |
|
|
| | |
|
| (5) Personal data are exempt from the non-disclosure provisions in any case in which the disclosure is— | |
|
|
| | |
|
| (6) Personal data are exempt from the non-disclosure provisions in any case in which— | |
|
|
| | |
|
| (9) A person need not comply with a notice, request or order under the subject access provisions if compliance would expose him to proceedings for any offence other than an offence under this Act; and information disclosed by any person in compliance with such a notice, request or order shall not be admissible against him in proceedings for an offence under this Act. | |
|
|
| | |
|
| whichever is the earlier. | |
|
|
| | |
|
| (4) For the purposes of this section the results of an examination shall be treated as announced when they are first published or (if not published) when they are first made available or communicated to the candidate in question. | |
|
|
| | |
|
| (5) In this section “examination” includes any process for determining the knowledge, intelligence, skill or ability of a candidate by reference to his performance in any test, work or other activity. | |
|
|
| | |
|
| General duties of Registrar. | |
|
|
| | |
|
| (1) It shall be the duty of the Registrar so to perform his functions under this Act as to promote the observance of the data protection principles by data users and persons carrying on computer bureaux. | |
|
|
| | |
|
| (2) The Registrar may consider any complaint that any of the data protection principles or any provision of this Act has been or is being contravened and shall do so if the complaint appears to him to raise a matter of substance and to have been made without undue delay by a person directly affected; and where the Registrar considers any such complaint he shall notify the complainant of the result of his consideration and of any action which he proposes to take. | |
|
|
| | |
|
| (3) The Registrar shall arrange for the dissemination in such form and manner as he considers appropriate of such information as it may appear to him expedient to give to the public about the operation of this Act and other matters within the scope of his functions under this Act and may give advice to any person as to any of those matters. | |
|
|
| | |
|
| (4) It shall be the duty of the Registrar, where he considers it appropriate to do so, to encourage trade associations or other bodies representing data users to prepare, and to disseminate to their members, codes of practice for guidance in complying with the data protection principles. | |
|
|
| | |
|
| (5) The Registrar shall annually lay before each House of Parliament a general report on the performance of his functions under this Act and may from time to time lay before each House of Parliament such other reports with respect to those functions as he thinks fit. | |
|
|
| | |
|
| Co-operation between parties to Convention. | |
|
|
| | |
|
| 37. The Registrar shall be the designated authority in the United Kingdom for the purposes of Article 13 of the European Convention; and the Secretary of State may by order make provision as to the functions to be discharged by the Registrar in that capacity. | |
|
|
| | |
|
| Application to government departments and police. | |
|
|
| | |
|
| (2) A government department shall not be liable to prosecution under this Act but— | |
|
|
| | |
|
| (3) For the purposes of this Act— | |
|
|
| | |
|
| Data held, and services provided, outside the United Kingdom. | |
|
|
| | |
|
| (1) Subject to the following provisions of this section, this Act does not apply to a data user in respect of data held, or to a person carrying on a computer bureau in respect of services provided, outside the United Kingdom. | |
|
|
| | |
|
| (3) Where a person who is not resident in the United Kingdom— | |
|
|
| | |
|
| through a servant or agent in the United Kingdom, this Act shall apply as if that control were exercised or, as the case may be, those things were done in the United Kingdom by the servant or agent acting on his own account and not on behalf of the person whose servant or agent he is. | |
|
|
| | |
|
| (5) This Act does not apply to data processed wholly outside the United Kingdom unless the data are used or intended to be used in the United Kingdom. | |
|
|
| | |
|
| Regulations, rules and orders. | |
|
|
| | |
|
| (1) Any power conferred by this Act to make regulations, rules or orders shall be exercisable by statutory instrument. | |
|
|
| | |
|
| (3) Before making an order under any of the foregoing provisions of this Act the Secretary of State shall consult the Registrar. | |
|
|
| | |
|
| “business” includes any trade or profession; | |
|
|
| | |
|
| “data equipment” means equipment for the automatic processing of data or for recording information so that it can be automatically processed; | |
|
|
| | |
|
| “data material” means any document or other material used in connection with data equipment; | |
|
|
| | |
|
| “enactment” includes an enactment passed after this Act; | |
|
|
| | |
|
| “the European Convention” means the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data which was opened for signature on 28th January 1981; | |
|
|
| | |
|
| “government department” includes a Northern Ireland department and any body or authority exercising statutory functions on behalf of the Crown; | |
|
|
| | |
|
| “prescribed” means prescribed by regulations made by the Secretary of State; | |
|
|
| | |
|
| “the Registrar” means the Data Protection Registrar; | |
|
|
| | |
|
| “registered company” means a company registered under the enactments relating to companies for the time being in force in any part of the United Kingdom; | |
|
|
| | |
|
| “the Tribunal” means the Data Protection Tribunal. | |
|
|
| | |
|
| Commencement and transitional provisions. | |
|
|
| | |
|
| (1) This Act may be cited as the Data Protection Act 1984. | |
|
|
| | |
|
| (2) This Act extends to Northern Ireland. | |
|
|
| | |
|
| (3) Her Majesty may by Order in Council direct that this Act shall extend to any of the Channel Islands with such exceptions and modifications as may be specified in the Order. | |
|
|
| | |
|
| SCHEDULE 1
The Data Protection Principles | |
|
|
| | |
|
| Personal data held by data users | |
|
|
| | |
|
| 1. The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully. | |
|
|
| | |
|
| 2. Personal data shall be held only for one or more specified and lawful purposes. | |
|
|
| | |
|
| 3. Personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes. | |
|
|
| | |
|
| 4. Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes. | |
|
|
| | |
|
| 5. Personal data shall be accurate and, where necessary, kept up to date. | |
|
|
| | |
|
| 6. Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. | |
|
|
| | |
|
| 7. An individual shall be entitled— | |
|
|
| | |
|
| (a) at reasonable intervals and without undue delay or expense— | |
|
|
| | |
|
| (b) where appropriate, to have such data corrected or erased. | |
|
|
| | |
|
| Personal data held by data users or in respect of which services are provided
by persons carrying on computer bureaux | |
|
|
| | |
|
| 8. Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data. | |
|
|
| | |
|
| (2) Information shall in any event be treated as obtained fairly if it is obtained from a person who— | |
|
|
| | |
|
| (a) is authorised by or under any enactment to supply it; or | |
|
|
| | |
|
| (b) is required to supply it by or under any enactment or by any convention or other instrument imposing an international obligation on the United Kingdom; | |
|
|
| | |
|
| and in determining whether information was obtained fairly there shall be disregarded any disclosure of the information which is authorised or required by or under any enactment or required by any such convention or other instrument as aforesaid. | |
|
|
| | |
|
| 2. Personal data shall not be treated as held for a specified purpose unless that purpose is described in particulars registered under this Act in relation to the data. | |
|
|
| | |
|
| 3. Personal data shall not be treated as used or disclosed in contravention of this principle unless— | |
|
|
| | |
|
| (a) used otherwise than for a purpose of a description registered under this Act in relation to the data; or | |
|
|
| | |
|
| (b) disclosed otherwise than to a person of a description so registered. | |
|
|
| | |
|
| (2) In determining whether access to personal data is sought at reasonable intervals regard shall be had to the nature of the data, the purpose for which the data are held and the frequency with which the data are altered. | |
|
|
| | |
|
| (3) The correction or erasure of personal data is appropriate only where necessary for ensuring compliance with the other data protection principles. | |
|
|
| | |
|
| (a) to the nature of the personal data and the harm that would result from such access, alteration, disclosure, loss or destruction as are mentioned in this principle; and | |
|
|
| | |
|
| (b) to the place where the personal data are stored, to security measures programmed into the relevant equipment and to measures taken for ensuring the reliability of staff having access to the data. | |
|
|
| | |
|
| Use for historical, statistical or research purposes | |
|
|
| | |
|
| 7. Where personal data are held for historical, statistical or research purposes and not used in such a way that damage or distress is, or is likely to be, caused to any data subject— | |
|
|
| | |
|
| (a) the information contained in the data shall not be regarded for the purposes of the first principle as obtained unfairly by reason only that its use for any such purpose was not disclosed when it was obtained; and | |
|
|
| | |
|
| (b) the data may, notwithstanding the sixth principle, be kept indefinitely. | |
|
|
| | |
|
| SCHEDULE 2
The Data Protection Registrar
and the Data Protection Tribunal | |
|
|
| | |
|
| (1) The Registrar shall be a corporation sole by the name of “The Data Protection Registrar”. | |
|
|
| | |
|
| (1) Subject to the provisions of this paragraph, the Registrar shall hold office for five years. | |
|
|
| | |
|
| (2) The Registrar may be relieved of his office by Her Majesty at his own request. | |
|
|
| | |
|
| (3) The Registrar may be removed from office by Her Majesty in pursuance of an Address from both Houses of Parliament. | |
|
|
| | |
|
| (4) The Registrar shall in any case vacate his office on completing the year of service in which he attains the age of sixty-five years. | |
|
|
| | |
|
| (a) to the Registrar such salary, and | |
|
|
| | |
|
| (b) to or in respect of the Registrar such pension, | |
|
|
| | |
|
| as may be specified by a resolution of the House of Commons. | |
|
|
| | |
|
| (2) A resolution for the purposes of this paragraph may either specify the salary or pension or provide that it shall be the same as that payable to, or to or in respect of, a person employed in a specified office under, or in a specified capacity in the service of, the Crown. | |
|
|
| | |
|
| (3) A resolution for the purposes of this paragraph may take effect from the date on which it is passed or from any earlier or later date specified in the resolution. | |
|
|
| | |
|
| (4) Any salary or pension payable under this paragraph shall be charged on and issued out of the Consolidated Fund. | |
|
|
| | |
|
| (5) In this paragraph “pension” includes an allowance or gratuity and any reference to the payment of a pension includes a reference to the making of payments towards the provision of a pension. | |
|
|
| | |
|
| (a) shall appoint a deputy registrar; and | |
|
|
| | |
|
| (b) may appoint such number of other officers and servants as he may determine. | |
|
|
| | |
|
| (2) The remuneration and other conditions of service of the persons appointed under this paragraph shall be determined by the Registrar. | |
|
|
| | |
|
| (3) The Registrar may pay such pensions, allowances or gratuities to or in respect of the persons appointed under this paragraph, or make such payments towards the provision of such pensions, allowances or gratuities, as he may determine. | |
|
|
| | |
|
| (1) The deputy registrar shall perform the functions conferred by this Act on the Registrar during any vacancy in that office or at any time when the Registrar is for any reason unable to act. | |
|
|
| | |
|
| (1) All fees and other sums received by the Registrar in the exercise of his functions under this Act shall be paid by him into the Consolidated Fund. | |
|
|
| | |
|
| (2) The Secretary of State shall out of moneys provided by Parliament pay to the Registrar such sums towards his expenses as the Secretary of State may with the approval of the Treasury determine. | |
|
|
| | |
|
| (1) It shall be the duty of the Registrar— | |
|
|
| | |
|
| (a) to keep proper accounts and other records in relation to the accounts; | |
|
|
| | |
|
| (b) to prepare in respect of each financial year a statement of account in such form as the Secretary of State may direct with the approval of the Treasury; and | |
|
|
| | |
|
| (c) to send copies of that statement to the Comptroller and Auditor General on or before 31st August next following the end of the year to which the statement relates or on or before such earlier date after the end of that year as the Treasury may direct. | |
|
|
| | |
|
| (2) The Comptroller and Auditor General shall examine and certify any statement sent to him under this paragraph and lay copies of it together with his report thereon before each House of Parliament. | |
|
|
| | |
|
| (3) In this paragraph “financial year” means a period of twelve months beginning with 1st April. | |
|
|
| | |
|
| (1) A member of the Tribunal shall hold and vacate his office in accordance with the terms of his appointment and shall, on ceasing to hold office, be eligible for re-appointment. | |
|
|
| | |
|
| (2) Any member of the Tribunal may at any time resign his office by notice in writing to the Lord Chancellor (in the case of the chairman or a deputy chairman) or to the Secretary of State (in the case of any other member). | |
|
|
| | |
|
| 9. The Secretary of State shall pay to the members of the Tribunal out of moneys provided by Parliament such remuneration and allowances as he may with the approval of the Treasury determine. | |
|
|
| | |
|
| 10. The Secretary of State may provide the Tribunal with such officers and servants as he thinks necessary for the proper discharge of its functions. | |
|
|
| | |
|
| 11. Such expenses of the Tribunal as the Secretary of State may with the approval of the Treasury determine shall be defrayed by the Secretary of State out of moneys provided by Parliament. | |
|
|
| | |
|
| Parliamentary disqualification | |
|
|
| | |
|
| (1) In Part II of Schedule 1 to the House of Commons Disqualification Act 1975 (bodies whose members are disqualified) there shall be inserted at the appropriate place “The Data Protection Tribunal”. | |
|
|
| | |
|
| (2) In Part III of that Schedule (disqualifying offices) there shall be inserted at the appropriate place “The Data Protection Registrar”. | |
|
|
| | |
|
| (3) Corresponding amendments shall be made in Parts II and III of Schedule 1 to the Northern Ireland Assembly Disqualification Act 1975. | |
|
|
| | |
|
| Supervision by Council on Tribunals | |
|
|
| | |
|
| 13. The Tribunals and Inquiries Act 1971 shall be amended as follows— | |
|
|
| | |
|
| (a) in section 8(2) after “paragraph” there shall be inserted “5A”; | |
|
|
| | |
|
| (b) in section 19(4) after “46” there shall be inserted the words “or the Data Protection Registrar referred to in paragraph 5A”; | |
|
|
| | |
|
| (c) in Schedule 1, after paragraph 5 there shall be inserted— | |
|
|
| | |
|
| (a) The Data Protection Registrar; | |
|
|
| | |
|
| (b) The Data Protection Tribunal.” | |
|
|
| | |
|
| 14. In Part II of the Table in paragraph 3 of Schedule 1 to the Public Records Act 1958 there shall be inserted at the appropriate place “the Data Protection Registrar”; and after paragraph 4(1)(n) of that Schedule there shall be inserted— | |
|
|
| | |
|
| “(nn) records of the Data Protection Tribunal;”. | |
|
|
| | |
|
| SCHEDULE 3
Appeal Proceedings | |
|
|
| | |
|
| 1. For the purpose of hearing and determining appeals or any matter preliminary or incidental to an appeal the Tribunal shall sit at such times and in such places as the chairman or a deputy chairman may direct and may sit in two or more divisions. | |
|
|
| | |
|
| (a) the chairman or a deputy chairman (who shall preside); and | |
|
|
| | |
|
| (3) The determination of any question before the Tribunal when constituted in accordance with this paragraph shall be according to the opinion of the majority of the members hearing the appeal. | |
|
|
| | |
|
| (a) with respect to the period within which an appeal can be brought and the burden of proof on an appeal; | |
|
|
| | |
|
| (b) for the summoning of witnesses and the administration of oaths; | |
|
|
| | |
|
| (c) for securing the production of documents and data material; | |
|
|
| | |
|
| (d) for the inspection, examination, operation and testing of data equipment and the testing of data material; | |
|
|
| | |
|
| (e) for the hearing of an appeal wholly or partly in camera; | |
|
|
| | |
|
| (f) for hearing an appeal in the absence of the appellant or for determining an appeal without a hearing; | |
|
|
| | |
|
| (g) for enabling any matter preliminary or incidental to an appeal to be dealt with by the chairman or a deputy chairman; | |
|
|
| | |
|
| (h) for the awarding of costs; | |
|
|
| | |
|
| (i) for the publication of reports of the Tribunal’s decisions; and | |
|
|
| | |
|
| (j) for conferring on the Tribunal such ancillary powers as the Secretary of State thinks necessary for the proper discharge of its functions. | |
|
|
| | |
|
| (1) If any person is guilty of any act or omission in relation to proceedings before the Tribunal which, if those proceedings were proceedings before a court having power to commit for contempt, would constitute contempt of court, the Tribunal may certify the offence to the High Court or, in Scotland, the Court of Session. | |
|
|
| | |
|
| (2) Where an offence is so certified, the court may inquire into the matter and, after hearing any witness who may be produced against or on behalf of the person charged with the offence, and after hearing any statement that may be offered in defence, deal with him in any manner in which it could deal with him if he had committed the like offence in relation to the court. | |
|
|
| | |
|
| SCHEDULE 4
Powers of Entry and Inspection | |
|
|
| | |
|
| 1. If a circuit judge is satisfied by information on oath supplied by the Registrar that there are reasonable grounds for suspecting— | |
|
|
| | |
|
| (a) that an offence under this Act has been or is being committed; or | |
|
|
| | |
|
| (b) that any of the data protection principles have been or are being contravened by a registered person, | |
|
|
| | |
|
| 2. A judge shall not issue a warrant under this Schedule unless he is satisfied— | |
|
|
| | |
|
| (a) that the Registrar has given seven days’ notice in writing to the occupier of the premises in question demanding access to the premises; | |
|
|
| | |
|
| (b) that access was demanded at a reasonable hour and was unreasonably refused; and | |
|
|
| | |
|
| (c) that the occupier has, after the refusal, been notified by the Registrar of the application for the warrant and has had an opportunity of being heard by the judge on the question whether or not it should be issued; | |
|
|
| | |
|
| but the foregoing provisions of this paragraph shall not apply if the judge is satisfied that the case is one of urgency or that compliance with those provisions would defeat the object of the entry. | |
|
|
| | |
|
| 3. A judge who issues a warrant under this Schedule shall also issue two copies of it and certify them clearly as copies. | |
|
|
| | |
|
| 4. A person executing a warrant issued under this Schedule may use such reasonable force as may be necessary. | |
|
|
| | |
|
| 5. A warrant issued under this Schedule shall be executed at a reasonable hour unless it appears to the person executing it that there are grounds for suspecting that the evidence in question would not be found if it were so executed. | |
|
|
| | |
|
| 6. If the person who occupies the premises in respect of which a warrant is issued under this Schedule is present when the warrant is executed, he shall be shown the warrant and supplied with a copy of it; and if that person is not present a copy of the warrant shall be left in a prominent place on the premises. | |
|
|
| | |
|
| (1) A person seizing anything in pursuance of a warrant under this Schedule shall give a receipt for it if asked to do so. | |
|
|
| | |
|
| (2) Anything so seized may be retained for so long as is necessary in all the circumstances but the person in occupation of the premises in question shall be given a copy of anything that is seized if he so requests and the person executing the warrant considers that it can be done without undue delay. | |
|
|
| | |
|
| Matters exempt from inspection and seizure | |
|
|
| | |
|
| 8. The powers of inspection and seizure conferred by a warrant issued under this Schedule shall not be exercisable in respect of personal data which are exempt from Part II of this Act. | |
|
|
| | |
|
| (1) Subject to the provisions of this paragraph, the powers of inspection and seizure conferred by a warrant issued under this Schedule shall not be exercisable in respect of— | |
|
|
| | |
|
| (a) any communication between a professional legal adviser and his client in connection with the giving of legal advice to the client with respect to his obligations, liabilities or rights under this Act; or | |
|
|
| | |
|
| (b) any communication between a professional legal adviser and his client, or between such an adviser or his client and any other person, made in connection with or in contemplation of proceedings under or arising out of this Act (including proceedings before the Tribunal) and for the purposes of such proceedings. | |
|
|
| | |
|
| (a) any copy or other record of any such communication as is there mentioned; and | |
|
|
| | |
|
| (b) any document or article enclosed with or referred to in any such communication if made in connection with the giving of any advice or, as the case may be, in connection with or in contemplation of and for the purposes of such proceedings as are there mentioned. | |
|
|
| | |
|
| (3) This paragraph does not apply to anything in the possession of any person other than the professional legal adviser or his client or to anything held with the intention of furthering a criminal purpose. | |
|
|
| | |
|
| (4) In this paragraph references to the client of a professional legal adviser include references to any person representing such a client. | |
|
|
| | |
|
| 10. If the person in occupation of any premises in respect of which a warrant is issued under this Schedule objects to the inspection or seizure under the warrant of any material on the grounds that it consists partly of matters in respect of which those powers are not exercisable, he shall, if the person executing the warrant so requests, furnish that person with a copy of so much of the material as is not exempt from those powers. | |
|
|
| | |
|
| 11. A warrant issued under this Schedule shall be returned to the court from which it was issued— | |
|
|
| | |
|
| (a) after being executed; or | |
|
|
| | |
|
| (b) if not executed within the time authorised for its execution; | |
|
|
| | |
|
| and the person by whom any such warrant is executed shall make an endorsement on it stating what powers have been exercised by him under the warrant. | |
|
|
| | |
|
| (a) intentionally obstructs a person in the execution of a warrant issued under this Schedule; or | |
|
|
| | |
|
| (b) fails without reasonable excuse to give any person executing such a warrant such assistance as he may reasonably require for the execution of the warrant, | |
|
|
| | |
|
| shall be guilty of an offence. | |
|
|
| | |
|
| 13. In this Schedule “premises” includes any vessel, vehicle, aircraft or hovercraft, and references to the occupier of any premises include references to the person in charge of any vessel, vehicle, aircraft or hovercraft. | |
|
|
| | |
|
| Scotland and Northern Ireland | |
|
|
| | |
|
| 14. In the application of this Schedule to Scotland, for any reference to a circuit judge there shall be substituted a reference to the sheriff, for any reference to information on oath there shall be substituted a reference to evidence on oath and for the reference to the court from which the warrant was issued there shall be substituted a reference to the sheriff clerk. | |
|
|
| | |
|
| 15. In the application of this Schedule to Northern Ireland, for any reference to a circuit judge there shall be substituted a reference to a county court judge and for any reference to information on oath there shall be substituted a reference to a complaint on oath. |
Возврат к списку
| Новости |
|
Вопрос возможности изменения объекта, который охраняется патентом на полезную модель - очень не прост.
Что нам предлагает к регистрации Международный классификатор.
Можно ли с помощью патентования защитить права на ювелирные украшения? Давайте разбираться!
Процесс и дизайн – а можно ли охватить их одним патентом?
Этикетка, обертка, пакет – как получить патент и защитить права?
|
|
|
|
