International Day Against Homophobia, Lesbophobia, Transphobia & Biphobia 2022
April 26 2021Read more
Almost 9 out of 10 UK adults, and 99% of 12 to 15-year olds, have regular online access. As the internet continues to evolve and transform our everyday lives, it is vital that we consider how we can protect our personal data. This article will explore the laws surrounding data protection and online privacy.
The law of privacy in England and Wales has continued to develop through the Human Rights Act 1998 (HRA) and European Convention on Human Rights (ECHR). The fundamental piece of legislation is derived from Article 8 of the ECHR and the HRA which states that “everyone has the right to respect for his private and family life, his home and his correspondence”. This article is referring to the protection of privacy from the public state i.e. the government, but does not allow protection between two neighbours, for example.
Various fundamental decisions have developed this through case law, with a key decision being made in the case Wainwright v Home Office (2003). Lord Hoffman stated that there was no general tort of “invasion of privacy”, and that this is not something that could develop through common law but would need detailed legislation to be created. However, in Campbell v MGN Ltd Lord Hoffman stated that the purpose of the Human Rights Act is to give people the opportunity to protect themselves privately and suggested that the courts adopt this stance during future cases.
Although there are still no specific online privacy laws, the Data Protection Act 2018 (DPA) is the primary legislation in the UK and the Republic of Ireland that regulates the collection and processing of personal data. This DPA therefore provides protection for an individual’s private data, how this is used, stored and collected. The Information Commissioner has stated that the aim of the DPA is “to strike a balance between the rights of individuals and the sometimes-competing interests of those with legitimate reasons for using personal information.” This legislation sits alongside the General Data Protection Regulation (GDPR) which provides individual rights in relation to the use of your personal data.
GDPR and the DPA applies to companies that collect your personal data online. If your personal data is lost, stolen, shared without permission, or illegally accessed this could be considered a data breach. All data breaches must be reported to the Independent Commissioner’s Office (ICO) and the individuals who the data belongs to if the breach places the individual’s rights at risk.
Furthermore, on the 8 April 2019 a joint proposal was made in the Online Harms White Paper expressing that legislation should be created governing online safety. The Department for Digital, Culture, Media and Sport and the Home Office proposed that social media companies and tech firms specifically should be obliged to provide protection for their users by placing a mandatory ‘duty of care’ upon companies to take reasonable steps to keep data safe. The paper explores enforcing penalties where these companies fail to address any harmful or illegal activity that is taking place across their sites. This paper was created as part of a discussion and changes to legislation have not yet been formally proposed.
In the meantime, the ICO is responsible for the enforcement of data protection within the United Kingdom and have a number of powers, including the ability to impose substantial fines on organisations that fail to follow data protection laws.
Please complete the form below and we'll be in touch to answer your enquiry
Please complete the form and we'll be in touch to schedule your free consultation
We appologise but an error has occurred submitting your form. Please try again.