Talk:Data Protection Act 1998

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Mass surveillance Mid‑importance Data Protection Act 1998 is within the scope of WikiProject Mass surveillance, which aims to improve Wikipedia's coverage of mass surveillance and mass surveillance-related topics. If you would like to participate, visit the project page, or contribute to the discussion.Mass surveillanceWikipedia:WikiProject Mass surveillanceTemplate:WikiProject Mass surveillanceMass surveillance articles Mid This article has been rated as Mid-importance on the project's importance scale. Politics of the United Kingdom Low‑importance This article is within the scope of WikiProject Politics of the United Kingdom, a collaborative effort to improve the coverage of Politics of the United Kingdom on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Politics of the United KingdomWikipedia:WikiProject Politics of the United KingdomTemplate:WikiProject Politics of the United KingdomPolitics of the United Kingdom articles Low This article has been rated as Low-importance on the project's importance scale. Law Low‑importance This article is within the scope of WikiProject Law, an attempt at providing a comprehensive, standardised, pan-jurisdictional and up-to-date resource for the legal field and the subjects encompassed by it.LawWikipedia:WikiProject LawTemplate:WikiProject Lawlaw articles Low This article has been rated as Low-importance on the project's importance scale.

Hi there, can I ask what you think would be the better one of the the principles on the article or the one that I wrote?

Mine[edit]

• Data must not be aquired and processed unless there is a lawful reason not to do so.
• Data must be processed withing the rights of the person applying the data.
• Data must only be used for specific lawful purposes.
• Personal data must be accurate and up-to-date.
• Provision must be made for the correction of data held.
• Suitable measures should be taken to ensure the safety of presonal data.
• Data should be the minimum required for the purpose and should not be kept any longer than required.
• Data should not be transferred to countries outside the European Economic area.

Theirs[edit]

Personal data must be:

1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the "data subject's" (the #individual's) rights.
7. Reasonably securely kept.
8. Not transferred to any other country without adequate protection in situ.

according to the page history, this was posted by User:62.253.245.4 at 08:52, 15 September 2005.

Neither[edit]

I have two points about this -

a) Neither of these lists of Principles accurately reflects the Principles in the 1998 Act, and at worst both are misleading. They should be copied verbatim from the Act.

b) This page is about the Data Protection Act 1984, and should really be changed to reflect that law. For future reference, and to show the difference, here are the Principles from the 1984 Act-

1. The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully.

2. Personal data shall be held only for one or more specified and lawful purposes.

3. Personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes.

4. Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes.

5. Personal data shall be accurate and, where necessary, kept up to date.

6. Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

7. An individual shall be entitled-

(a) at reasonable intervals and without undue delay or expense-

(i) to be informed by any data user whether he holds personal data of which that individual is the subject; and

(ii) to access to any such data held by a data user; and

(b) where appropriate, to have such data corrected or erased.

8. Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data.

zzuuzz ^(talk) 14:17, 15 September 2005 (UTC)[reply]

I once or twice heard that a change in the law was in the works to ban the opt-out boxes on application forms, requiring them to be opt-in boxes instead. Does anyone know what's happened to this law?

And I still can't understand why, when the electoral registers finally stopped being a total violation of the current DPA, they didn't make the edited register opt-in from the start. -- Smjg 12:11, 3 October 2005 (UTC)[reply]

As far as I am aware this was never going to be law. There is guidance from the [Direct Marketing Association]about this, and also from the [Office of the Information Commissioner] - check the document library. It is still OK to have "opt-out" check boxes, but the wording of the question must be made very clearly.

This article is really about the Data Protection Act (in general) not just the 1984 version (eg, the 1998 version redirects here). Should it be renamed, or is the naming convention to always include a year? --h2g2bob 20:48, 8 October 2006 (UTC)[reply]

Since the 1984 act has been repealed, perhaps the article should be Data Protection Act 1998 ? -- Beardo 22:51, 10 October 2006 (UTC)[reply]

Moved to Data Protection Act. —Centrx→talk • 05:58, 15 October 2006 (UTC)[reply]

I am going to remove the stupid comments put on by IP addresses 217.65.158.119 and 82.22.127.233. —The preceding unsigned comment was added by Wakimakirolls (talk • contribs) .

EDIT: Can we have a lock on this page? This page keeps getting vandalised. Or at least ban the IP—The preceding unsigned comment was added by Wakimakirolls (talk • contribs) .

Hi. This page is always being vandalised, but not really much more than any other page here. Certainly not enough to warrant protection. It is on quite a few editors' watchlists and is usually quickly reverted. Offenders are usually warned, and if they continue they get blocked. -- zzuuzz ^(talk) 10:40, 9 November 2006 (UTC)[reply]

Unrelated note: Fixed a grammatical error, 'an' in place of 'a'. —Preceding unsigned comment added by 152.105.21.64 (talk) 10:27, 24 November 2008 (UTC)[reply]

any info on what affect this act has on isp's releasing ip addresses of customers to cops?—The preceding unsigned comment was added by 86.133.155.254 (talk • contribs) .

Data processed for the prevention or detection of crime are largely exempt from the restrictions on sharing contained in Principle 1 which normally require the individual's permission. See section 29. This allows, but does not compel the ISP to disclose the info. There is another exemption in section 35 which allows disclosure in the case of legal proceedings [1]. -- zzuuzz ^(talk) 05:07, 19 November 2006 (UTC)[reply]

Say you want to set up an online company where you need to store peoples addresses (not their credit card details) so you can sent them their items that they purchased. Would that company have to register or can they simply ask the customer that its ok to store their address details and then store their details securely—The preceding unsigned comment was added by 24.66.64.99 (talk • contribs).

From you example above, I would say that you would have to register. If you are not sure, then go to the Information Commissioner's web site and use their on-line checking tool that asks questions as to how you will use the data and then recommends whether or not you need to register. If you are a data controller (in the meaning of the Data Protection Act 1998) then you will need to be registered.—The preceding unsigned comment was added by Howarthss (talk • contribs).

Exemptions from registration are governed by Statutory Instrument - The Data Protection (Notification and Notification Fees) Regulations 2000 (as later amended). The three main exemptions from registration are: Staff administration; Advertising, marketing and public relations; and Accounts and records. These are called the 'core business purposes' and cover a lot of small businesses. -- zzuuzz^(talk) 13:39, 14 March 2007 (UTC)[reply]

However it is important to treat each decision to regsiter on its own merits as the Statutory Instrument mentioned above caveats a number of points that restricts the use of the information collected. I always recommend that businesses register, even if it is voluntary, as the decision processes about data use are much more involved if registration is not in place. You will find that 99 times out of 100, the ICO self-check will recommend that registration is probably necessary. —The preceding unsigned comment was added by Howarthss (talk • contribs) 11:30, 15 March 2007 (UTC).[reply]

I removed the following from the end of the first section of the article. A Wikipedia article is not the place to make this kind of complaint, and this tone is inappropriate.

i.e. you can use a telephone 'Directory Enquiry' type service to request an individuals home telephone number, which they will readily give but they will refuse to confirm the individuals address or postcode. Then on the other hand companies such as http://www.192.com are displaying and selling personally information. The ACT states that the detail holder i.e. YOU, has the right for the information to be removed however such companies such as 192, have stated that you dont have the right to ask them to remove it. In this situtation you will need to send a complain to the ICO. 192 hides behind a form they have created to get the information removed however a email to them asking them to remove your details should be ok under the act for them to act however they and other companies like them once you fill this form in or send emails to them still dont remove your details.

- Lee Stanley 23:00, 29 March 2007 (UTC)[reply]

Why does the eight principles of the data protection act have 9 items on the list? 217.172.55.251 14:21, 16 April 2007 (UTC)[reply]

The ninth principle was added only hours ago, and I have removed it. There are only eight. There is no separate Principle that data must be obtained in a lawful manner, only that it must be processed lawfully (Principle 1), and for lawful purposes (Principle 2). -- zzuuzz^(talk) 14:42, 16 April 2007 (UTC)[reply]

The second (Staffordshire University DPA FAQ) and third (DPA contents page on OPSI site) citations don't seem to support the points they are making.
Think we should remove them?
--CaNNoNFoDDa 21:54, 6 September 2007 (UTC)[reply]

The second citation does say "this all seems quite complicated", but this is not the same as a reputation for complexity. The Act does however have a reputation for being confusing and misunderstood. Some more appropriate phrase and citation should be found for it (the ICO has previously said as much, for example). That the 1984 Act was repealed by the 1998 Act is also true, but there is probably a better citation than the legislation itself (a direct link can be found here). -- zzuuzz ^(talk) 16:20, 8 September 2007 (UTC)[reply]

Cool, i'll swap that link over. Thanks. —Preceding unsigned comment added by CaNNoNFoDDa (talk • contribs) 19:13, 8 September 2007 (UTC)[reply]

The fourth citation no longer points to the correct place, the new location is http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_6/correcting_inaccurate_personal_data.aspx — Preceding unsigned comment added by 129.67.48.145 (talk) 12:20, 5 October 2011 (UTC)[reply]

—Preceding unsigned comment added by 84.92.161.243 (talk) 12:37, 8 September 2007 (UTC)[reply]

Compared to nothing, maybe. Compared to something better, possibly not. -- zzuuzz ^(talk) 13:09, 8 September 2007 (UTC)[reply]

i would like to know too why we can consider that Databases are more worry than ID cards? thank you for your answers....a french student —Preceding unsigned comment added by 86.206.226.56 (talk) 21:44, 17 March 2008 (UTC)[reply]

yes —Preceding unsigned comment added by 89.139.19.110 (talk) 01:20, 24 May 2009 (UTC)[reply]

Sorry, was looking in the totally wrong part of the act! --SG Gower (talk) 18:52, 12 December 2009 (UTC)[reply]

I have renamed this "Problems of Interpretation". The previous text stating that it was possible to devise systems which meet the letter but breach the spirit of the Act is simply untrue. Anything which breached the spirit of the Act would necessarily be unfair and accordingly fall foul of the 1st principle which requires all processing to be fair and lawful —Preceding unsigned comment added by Eggthang (talk • contribs) 18:31, 8 March 2010 (UTC) The whole section on what is personal data is nonsense. It is not really a subjective definition. Whilst the subject needs to be identifiable from data held (or likely to be) by the controller, the controller himself does not need to be able to identify. For example if I visit London and get my photo captured clearly on CCTV of Westminster Council, that is personal data, even though no-one in the Council can possibly identify me. I will tidy this up shortly. The real issues lie elsewhere. NB I am a practising DP officer and trainer ... --Eggthang (talk) 18:41, 8 March 2010 (UTC)[reply]

The 1984 act listed the following as sensitive areas, stating that information about named individuals should only go into a computer with good reason:

Religious, political and other beliefs;

Health and sexuality;

Conviction of a criminal record;

Racial origin.

However, in the 1998 act, a fifth sensitive area was added - trade union membership. This should surely go here. ACEOREVIVED (talk) 19:06, 11 June 2010 (UTC)[reply]

A number of references linking to ico.gov.uk seem to have died. Could someone please help finding the correct pages? Thanks. Andersenman (talk) 09:59, 7 November 2011 (UTC)[reply]

After searching for information on the 1984 implementation and observing little or no information with regard to the act, I looked up the talk page here and found that back in 2006 it had been repurposed from an article into a Re-direct to the most recent implementation, the argument being that the 1984 implementation had been repealed in the past and a new incarnation was brought in to fill the older act's purpose. (See the related discussion from 2006 here: Talk:Data_Protection_Act_1998#Rename)

As a result, information regarding a law which in turn defined and shaped how we handle information is rather hard to find, being little more than a stub or subtle mention when found following substantial digging. The closest I could find was Information_privacy_law#United_Kingdom. A four line paragraph which did make mention of criticism of the repeal and the intelligence agency's new rights under the proposed replacement, an example being given from Simon Davies, director of Privacy International, called the plans “a systematic attack on the right to privacy.”. The quote came with a citation, found here Information_privacy_law#cite_note-7.

Key to the importance of raising concern is that the 1984 Data Protection Act was repealed. It was not ammended. It was not reworded. It was repealed. It was canned in it's entirety and a replacement article was written from scratch, reviewed and implemented in stages, just as if it were a new act being proposed for the first time. Though the 1998 Data Protection Act has similarities and the same name, the fact the original was repealed, establishes the two acts as being distinctly seperate from each other, albiet seperate acts with similarities. However, at the same time, differences which result in the legalisation of actions which under the previous act would have been clear breach of the act.

Even further searches the history of content on the Data Protection Act here on wikipedia revealed futher information, such as a point raised further up on this talk page in a discussion with regard to the points of the act taken straight from the act itself, the section can be seen here; Talk:Data_Protection_Act_1998#Neither. The section demonstrates how the rules in both acts may be similar at times but differ at others greatly, not just in interpretation or in a mild rewording, but rather a complete rewrite to directly allow activity which was previously a distinct violation of the 1984 Data Protection Act. It also makes mention of the fact this article is about the 1984 act and makes the point of pointing that out, going on to reject the alteration of the article's list of rules on the basis that the proposed changes were descriptive of the 1998 Data Protection Act, which was argued as being not fitting for the pupose of the article. There were no futher counterpoints made in criticism of this reply.

This shows three things of importance.

• This article was once about the 1984 Data Protection Act specifically and may have linked to an article on the 1998 Data Protection Act.

• This article was once accepted by editors and used by readers for information on the 1984 Data Protection Act, providing at the very least, sufficent detail on the act. Information which is now lacking or otherwise entirely absent from Wikipedia.

• This article was on at least one occasion subject to proposals on replacing it's content with content on the 1998 Data Protection Act. Such proposals were rejected in a direct single post response and no threaded discussion emerged, at least as is evident from the lack of such discussions between a section on this talk page dating back to the article's prior incarnation and it's current form which shows at some point, the descision was made to repurpose an article from it's specific focus on the 1984 Data Protection Act to a general article, with greatly lacking information concerning the prior Act, which had been present in the previous incarnation of this article, concerning the history of the 1984 Data Protection Act and the criticism surrounding it's repeal and replacement with the 1998 Data Protection Act, an action which culminates to an act of self-censorship through indirect historical revisionism, removing from the encyclopedia almost all information on the contributions to society of the 1984 Data Protection Act and the criticism from an international body (A significant event thing to ocurr) on an act which shaped the path ahead of us in our advancement into the late 20th and 21st century as a civilisation.

A further assumption can be made from the lack of discussion here on the talk page on such a key change to an article. Showing that this descision was either:-

• made without appropiate discussion first ocurring here on the talk page between editors concerning the change.

-OR-

• hidden from the apparent records as first seen on the talk page, after a threaded discussion which may have ocurred, was deleted in it's entirety from the talk page, either as a result of accidental deletion, benelovent intentional deletion to conceal a possible negatively charged flame war or a malicious intentional deletion to discourage potential opinions being voiced in opposition to the opinion of a percentage of editors or an individual editor.

Now following that extensive wall of text, the question I ask is Isn't Wikipedia meant to act as an encyclopedia and not hold bias to current points of view? (See the specific section on this form of Systemic bias here Wikipedia:Recentism#Article_imbalance))

As a result, repealed or not, shouldn't the 1984 Data Protection Act have it's own sub-section on an article regarding UK Legisation on Data Protection or It's own article concerning the 1984 implementation?

For example, such an article could also go into detail on the criticism and praise it received along with events that lead to the repeal of the act. Terkaal -- <Warning! Self-Confessed Newbie!> (talk) 09:20, 4 March 2012 (UTC)[reply]

Do that thing :) It makes perfect sense. Fiddle Faddle (talk) 09:33, 4 March 2012 (UTC)[reply]

I'd have gone ahead and tried to 'BE BOLD' and made a start on it my self but, I'm still a newbie, so I'm prone to self-destructing my edits, wouldn't be a good thing in this scale of edit ;P

And also, with a significant edit such as proposed, it should be discussed first (I think that's the policy :o). Here's hoping :D Terkaal -- <Warning! Self-Confessed Newbie!> (talk) 10:26, 4 March 2012 (UTC)[reply]

I suggest that no-one can object to proper, encyclopaedic work. You have stated clearly what you propose to do. Assuming, and I have not checked, that there is not already an article on the prior act, you might start that right away, migrating items from this article to it as appropriate, and creating others. As long as you make it clear on the talk pages of each article what is happening, and use edit summaries well it is likely that others will join in to help you. As long as you maintain assertions of notability and ensure they are verified, even a bare bones article will survive long enough to be fleshed out. It might be worth waiting a day or so to see if anyone objects, otherwise I would simply works steadily and accurately because no-one has objected.

That you are new makes your rights neither greater nor less than anyone else here.

And never worry about the possibility of making a fool of yourself and making errors. We've all done that in spades! Nothing is ever lost in Wikipedia, either, so, even if you find you have made a huge mess, that mess can be reverted at a stroke.

Being bold wins you friends here provided you always work towards the common purpose of enhancing the encyclopaedia. Making mistakes is just that, making mistakes. Fiddle Faddle (talk) 11:38, 4 March 2012 (UTC)[reply]

I was under the impression that jumping in and making substantial reworks of articles was a no-no during the young days as a new wikipedian, but reading what you said, I'll get right on it ^^ After *thinks* two days to look out for any opposition sound about fair? Terkaal -- <Warning! Self-Confessed Newbie!> (talk) 05:51, 5 March 2012 (UTC)[reply]

A couple of days is perfectly sensible. The only 'experience hierarchy' here is a mechanical one, intended to help stop vandals. Otherwise everyone is equal. Some folk also take on other responsibilities, but, as editors, all are equal. Fiddle Faddle (talk) 09:05, 5 March 2012 (UTC)[reply]

It's actually got worst, the 1984 hyperlink now points to a deleted History section of this page! The reason for a separate 1984 page is the ideation of the legislation, together with the reason for its replacement. — Preceding unsigned comment added by 90.213.9.109 (talk) 10:01, 12 October 2020 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Uwhat (talk) 11:12, 16 January 2013 (UTC)[reply]

 Declined nothing to do. Fiddle Faddle (talk) 11:48, 16 January 2013 (UTC)[reply]

The page mentions the "Durant case", what is this there's no page about it to link to?Railwayfan2005 (talk) 14:44, 27 September 2013 (UTC)[reply]