Boundaries of data protection law: Johnson v Medical Defence Union, Court of Appeal [2007] EWCA, Civ 262, March 28, 2007

摘要

The Data Protection Act 1998 ('DPA'), implementing the EU Data Protection Directive, 95/46/EC ('DPD'), is at the same time very wide ranging but full of complex detail, and presents serious compliance issues for both the private and public sector. The English courts have so far adopted a narrow interpretation of broad concepts such as 'data processing' (see Durant v Financial Services Authority (Disclosure of Information) [2004] FSR 28 - noted at 'The Data Protection Act 1998: Is the smokescreen clearing?, Johnson, Comms L 2004 9(2) 67-69); Smith v Lloyds TSB Bank pic [2005] EWHC 246; and Common Services Agency v Scottish Information Commissioner, (2007) S.L.T. 7, December 1, 2006). Another problem with the width of the Act is that it opens up the possibility of using the Act to challenge actions where there would be no substantive right to do so either at common law or through other statutory provision.