Included in this issue: Freedom of information v protection of personal data: two recent local authority cases; Cold-calling firms fined by the Information Commissioner's Office (ICO); UK Government names Elizabeth Denham as preferred candidate for Information Commissioner and more...

UNITED KINGDOM

Freedom of information v protection of personal data: two recent local authority cases

Swansea Council is not required to release details of an internal investigation into why a council officer was not fined for parking on double yellow lines in the presence of traffic wardens. The Information Tribunal held that it would be disproportionate and unfair to disclose the details of the investigation, as to do so would be unusual and it could be professionally detrimental to those involved. The seniority of the council officer, described as "middle management", was considered and whilst he was subject to an increased level of accountability he still had a reasonable expectation of confidentiality in relation to the investigation. It was relevant that the case had already attracted publicity as a video of the car parking incident was posted online.

In contrast, Bolton Council is required to release the name of a local councillor who failed to pay council tax. The Information Tribunal held that the personal data exception would not apply in this case. The councillor would not be disproportionately prejudiced by the release of the information and the public have a right know whether elected officials are fulfilling their duties – particularly since failure to pay council tax can result in councillors being disqualified from voting on the Council's budget.

These two cases demonstrate the difficult balancing act which must be carried out when freedom of information requests made under The Freedom of Information Act 2000 (FOIA) conflict with personal data rights.

You can download the full decisions here

or read them here

Cold-calling firms fined by the Information Commissioner's Office (ICO)

The ICO reports that two Swansea-based companies have been fined for nuisance phone calls. Falcon and Pointer was fined £175,000 following millions of automated PPI calls, including numerous calls in the early hours of the morning. Direct Choice Home Improvements was fined £50,000 for nuisance calls relating to windows, doors and conservatories. In both cases, the companies argued that they had received the telephone data from third parties. However the ICO highlighted that neither company took adequate steps to ensure that individuals had consented to providing their data. Companies must take responsibility for their marketing strategies, including taking steps to obtain data subject consent. It is insufficient to rely on third party assurances without carrying out proper due diligence.

The ICO article is available here

A recent update to the ICO's Direct Marketing guidance is available here

UK Government names Elizabeth Denham as preferred candidate for Information Commissioner

Ms Denham is set to become the new Information Commissioner this summer, subject to a pre-scrutiny hearing and approval from the Queen. She will face the challenge of managing the incoming European rules on data protection. She is described by Baroness Neville-Rolfe, minister for data protection, as having a "proactive approach to enforcing data protection law".

The government press release is available here

EUROPE

Google fined over misapplication of "right to be forgotten"

The French data regulator, Commission Nationale de l’informatique et des Libertés (CNIL) has fined Google 100,000 Euros for failing to adequately implement the right to be forgotten principle. Following the European Court of Justice's ruling in 2014, individuals may request for sensitive search results containing their name to be removed. Regulators were unimpressed by Google's first attempts to comply with the principle, whereby results were only removed from its European search engines (e.g. google.fr ) and not from the global domain (google.com). Google went a step further, de-listing searches across all of its domains when the search was ran from the state where the request originated, but CNIL is still not satisfied. CNIL contends that the only way to protect European's privacy rights is to remove search results across all domains, regardless of where the user is based. This displays the interesting tension between individual rights on the one hand, and freedom of information and prevention of censorship on the other. Google will appeal the ruling.

Click here to view the original article

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile

Related Insights

All Insights
Data Protection - March 2024 - Infographic Teaser 26 Mar 24

Data Diaries - March 2024
Technology 15 Mar 24

The Saudi National Cybersecurity Authority Publishes New Regime for the Regulation of Cybersecurity Service Providers
Data - wire 12 Mar 24

The executive regulations to the Oman personal data protection law - What you should know