Privacy law limits about to be set by top courts of UK and Europe

Out-Law Analysis | 01 Feb 2008 | 10:14 am | 2 min. read

OPINION: In the coming weeks some long-running questions about the very nature of privacy and data protection will be answered by the highest possible courts.

Data Protection Day 2008
This is one of a series of articles appearing on OUT-LAW this week to celebrate Data Protection Day 2008.

The House of Lords will rule on what exactly is meant by the term 'personal data', while the European Court of Human Rights will decide whether the police can retain  details of non-criminals on the UK's national DNA database.

These are vital questions which could alter the boundaries of the rules governing what law enforcement agencies and companies will be able to do with the increasing amounts of personal information they are processing.

The House of Lords will rule on a case about what counts as personal data. Currently data protection  law is shaped by a ruling by the Court of Appeal in a case involving Michael Durant, where the Court  ruled that 'personal data' should be defined narrowly, meaning that only those personal data that related to  a particular individual counted as 'personal data'.

The case which House of Lords will consider pits the Common Services Agency (CSA) of the NHS in Scotland against the Scottish Information Commissioner (SIC), Kevin Dunion.

A researcher in the Scottish Parliament had asked for statistical data relating to childhood leukaemia in Dumfries and Galloway, broken down by census wards. The NHS decided that as the statistics, in many cases, showed there was one incident of childhood leukaemia per census ward, the figures were so low that to release the statistical data would relate to a particular individual, living in an certain geographical area, with a specific disease. This was personal data, the NHS argued.

The SIC, with the eventual support of the Scottish court disagreed, ruling that the statistic of one for a census ward related to a census ward and not to an individual. It followed that the information was not personal data and should be published under the Scotiish FOI procedures.. So when the Lords rule, its judgment will hopefully resolve any lingering doubt as to what 'personal data' really means.

A different but equally fundamental issue will be addressed by the European Court of Human Rights (ECHR) when it looks into the case of Michael Marper.

Marper's DNA was taken and an entry made in the national DNA database when he was arrested in 2001 following a domestic disturbance. He was never charged with a crime, but the sample and database entry were retained by the police.

After a series of legal tussles over the police's retention of the DNA information, the House of Lords concluded the parts of the Human Rights Act that relate to privacy did not apply to the indefinite retention of Marper's DNA sample and related data. A reference to the European Court of Human Rights (ECHR) was made after this judgment.

Because the Human Rights Act did not apply in this case, the House of Lords did not need to consider any data protection obligations in its judgment. But the ECHR has said that these data protection obligations arel central to the data retention issues raised by the case.

The overlap between human rights and data protection has never actually been defined, so this case could present the ECHR with an opportunity for clarifying how these laws interact with each other and with private and family life.

There is a possibility that the two pieces of legislation could become interlinked in a precise way, with data protection obligations becoming a quantifiable extension  of the human rights legal framework. This would strengthen the position of data protection principles enormously and would mean that a breach of a data protection obligation could also give rise to a claim that the individual's human rights have been infringed.

By Dr Chris Pounder

Global Term