United Kingdom: Data Protection obligations for e-businesses.

AutorEduardo Ustaran.
CargoSolicitor in the Computer, Media & IP Group at Paisner & Co, London

All UK-based e-businesses face a serious regulatory challenge: how to comply with the strict laws governing the use of personal information. The new Data Protection Act applies to the collection, storage and use of information about individuals in any way and, therefore, affects every single web site that allows interaction with its users.

The relevance of privacy rights should not be underestimated. As individuals become more aware of their rights in connection with the processing of personal information, users of that information are coming under increasing pressure to comply with privacy regulations. As a result, this area of law has gained in importance and is set to become a crucial focus of attention for e-businesses given their reliance on the use of personal data for their operations.

Background to the Act

Data protection law was created in the early 1970’s in response to the increasing use of computers to process information about individuals. During the 1970’s and 1980’s a number of countries, mostly in Europe, passed legislation aimed at controlling the use of personal data made by government agencies and large companies.

In the UK, this legislation was the Data Protection Act 1984 (the “1984 Act”). The 1984 Act established a registration system for all users of personal data and required such users to comply with a number of data protection principles. However, different national approaches across Europe led to fragmented data protection regimes.

After several years of international negotiations and compromises, the European Union adopted in 1995 the Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data (the “Directive”). 24 October 1998 was the deadline established by the Directive for all 15 Member States to pass legislation in their respective jurisdictions to bring into effect the objectives of the Directive, namely:

 to protect the right to privacy of individuals, and

 to facilitate the free flow of personal data between Member States.

The UK Government decided to implement the Directive by introducing completely new legislation that would strengthen the data protection controls existing under the 1984 Act. This decision coincided with the view of the UK data protection regulator (the “Data Protection Commissioner”) and the Act was passed by Parliament in July 1998. The Act came into force on 1 March 2000 entirely replacing the 1984 Act.

Scope of...

Para continuar leyendo

Solicita tu prueba

VLEX utiliza cookies de inicio de sesión para aportarte una mejor experiencia de navegación. Si haces click en 'Aceptar' o continúas navegando por esta web consideramos que aceptas nuestra política de cookies. ACEPTAR