Retsudvalget 2014-15 (1. samling)
REU Alm.del Bilag 77
Offentligt
1428189_0001.png
To:
From:
Hanne Rasmussen, Danish Parliament
John Woodhouse
Ref:
Home Affairs Section
Date:
x5036
[email protected]
2014/10/138-HAS
21 October 2014
Data protection
You asked the following questions:
How is the oversight/control of public authorities dealing with sensitive
personal data organised in your country?
Very briefly, any handling of personal data has to be in accordance with the
Data Protection
Act 1998.
The 1998 Act is overseen and enforced by the Information Commissioner’s Office
(ICO).
1
The Act requires every organisation that processes personal information to register
with the ICO unless they are exempt. Failure to do so is a criminal offence.
The ICO is sponsored by the Ministry of Justice and reports directly to Parliament.
The 1998 Act and sensitive personal data
Data controllers must adhere to the eight data protection principles set out in
Schedule 1
of
the 1998 Act; further information on the principles is available in a
guide
published by the
ICO. The Act distinguishes between “personal data” (s1) and “sensitive personal data” (s2):
Personal data
means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to
come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the
intentions of the data controller or any other person in respect of the individual.
Sensitive personal data
means personal data consisting of information as to -
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
1
http://ico.org.uk/about_us
C
ONTRIBUTING TO A WELL INFORMED
D
EMOCRACY
 PDF to HTML - Convert PDF files to HTML files
1428189_0002.png
(d) whether he is a member of a trade union (within the meaning of the Trade Union
and Labour Relations (Consolidation) Act 1992),
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by
him, the disposal of such proceedings or the sentence of any court in such
proceedings.
Another section of the ICO site provides an overview
2
of the “conditions for processing”
contained in Schedules 2 (any
personal data)
and 3 (sensitive
personal data).
Information on exemptions to the 1998 Act is also available from the ICO website.
3
What authority do they have?
The ICO issues guidance on helping organisations to comply with the 1998 Act.
4
It also
provides information on the rights of individuals under the Act
5
, including an advice line.
6
The ICO has a range of powers to deal with breaches of the Act; these include issuing fines,
enforcement notices, and decision notices. Detailed information on these is available from
the ICO website.
7
What is the budget and how is it funded?
The ICO’s data protection activities are funded from the annual notification fees collected
from data controllers. The ICO annual report for 2013-14 states that “fees collected in the
year totalled £16,528K (2012-13: £16,055K) representing a 2.9% increase over the previous
year”.
8
A detailed breakdown of income is available here:
http://ico.org.uk/about_us/our_spending
Do you have a public debate about data security and data protection in your
country in relation to public authorities’ treatment of sensitive personal data? If
yes, what are the main features in that debate?
Yes, there are concerns and debate about data protection, data sharing, and sensitive
personal data in a number of areas – for examples, you can look at the following sections of
the ICO website:
2
3
4
5
6
7
8
http://ico.org.uk/for_organisations/data_protection/the_guide/conditions_for_processing
http://ico.org.uk/for_organisations/data_protection/the_guide/exemptions
http://ico.org.uk/for_organisations
http://ico.org.uk/for_the_public
https://ico.org.uk/Global/contact_us
http://ico.org.uk/enforcement
http://ico.org.uk/about_us/performance/~/media/documents/library/Corporate/Research_and_reports/annual-
report-2013-14.pdf,
p41
2
 PDF to HTML - Convert PDF files to HTML files
Report a concern
Current topics
ICO blog
News releases
Annual Report for 2013-14,
pp22-3
I hope this helps.
3