Data protection redress in the UK
description
Transcript of Data protection redress in the UK
DP redress in the UK
Dr Ian Brown, University of Oxford
UK social science expert for FRA Thematic Area H: Human Rights Issues Relating to the Information Society
Drivers and mechanisms
Most frequent violations: disclosure of personal data to unauthorised persons and the refusal of access to personal data held by the police, medical services, social services, employers and others
In the great majority of cases the damage caused was emotional distress
Mechanisms used: claim in the ordinary courts; taking a complaint to ICO; appealing against a decision of ICO to the Information Rights Tribunal
Barriers to redress
Lack of awareness and understanding of complex law (little jurisprudence)
Limited compensation – only by courts, normally for pecuniary loss, not distress
Courts unsympathetic – interpret narrowly, award nominal damages, prioritise FoE
Lack of judicial expertise in lower courts – no specialisation, few cases
Cost of litigation – no legal aid, cost orders ICO prefers informal approach, individual
cases rarely lead to enforcement
Possible improvements
DPA should be made easier to understand, with distress compensated
Judges should be trained in DP law ICO should publish its ‘compliance
likely/unlikely’ assessments in DPA cases Legal aid should be granted in DPA cases ICO should have resources for test cases Provision for collective redress
Good practices
Valuable ICO remedy for data subjects
Strong ICO educational role for data controllers about their obligations, and public about data protection law
Civil society assistance to data subjects in using redress mechanisms
Central and local government ‘one stop’ procedures for complaints