SlideShare a Scribd company logo

Third Principle Of The Data Protection Act, 1998 (Uk)

Vishnu Kesarwani
Vishnu Kesarwani
TechnologyBusiness
1 of 23
Download to read offline
THIRD PRINCIPLE OF THE DATA PROTECTION ACT, 1998 Vishnu Kesarwani IMS2007011 Bipin Kumar Ray IMS2007043 2nd Semester MS (Cyber Law & Information Security) IIIT-Allahabad
History „ The Report of the Committee on Privacy (The Younger Report, 1972) : “(c) There should be minimum holding of Data for specified Purposes”. „ The Report of the Committee on Data Protection (The Lindop Report, 1978): In the interest of data subjects: “Personal data handled should be accurate and complete, and relevant and timely for the purpose for which they are used”
Contd… „ OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 : Part Two ( Basic Principles of National Application), Collection Limitation Principle, Paragraph 8 : “8. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.” „ The Council of Europe Convention, 1981: “Personal data should be adequate relevant and not excessive in relation to the purposes to which the data are stored”
Contd… „ The Data Protection Act, 1984: “Personal data should be adequate, relevant and not excessive in relation to those purposes.” „ Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data: CHAPTER II, SECTION I - PRINCIPLES RELATING TO DATA QUALITY Article 6(1)(c) stats : “Member States shall provide that personal data must be… adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed.”
Third Principle Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Key Words „ Personal Data „ Adequate „ Relevant „ Processing
Personal Data According to Section 1(1) of the Data Protection Act, 1998 : “Personal data” means data which relate to a living individual who can be identified† (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
Contd… „ What determines whether data relate to an individual? A question of fact Data related to two or more people Information in a business capacity legal entities „ Does the Act only relate to living individuals? Yes „ The individual must be capable of being identified. How does the Commissioner approach this issue? An individual may be “identified” without necessarily knowing the name and address of that particular individual.
Contd… It is sufficient if the data are capable of being processed by the data controller to enable the data controller to distinguish the data subject from any other individual. an individual to be identified from data together with information “likely to come into the possession” of the data controller. „ What is meant by the expression “possession” in this context? possession does not necessarily mean that the identifying data are in the physical control of the data controller, or likely to come under his physical control
Contd… This includes „ Names, „ Birthday „ Anniversary dates, „ Addresses, „ Telephone numbers, „ Fax numbers, „ e-mail addresses etc. It only applies to that data which is held, or intended to be held, on computers or held in a relevant felling
Adequate Meaning : „ Sufficient „ equal to what is required „ suitable to the case or occasion
Relevant Meaning : „ One fact is said to be relevant to another when the one is connected with the other in any of the ways „ Having a bearing on or connection with the matter at hand
Processing According to Section 1(1) of the Data Protection Act, 1998 : “Processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including— (a) organization, adaptation or alteration of the information or data, (b) retrieval, consultation or use of the information or data, (c) disclosure of the information or data by transmission, dissemination or otherwise making available, or (d) alignment, combination, blocking, erasure or destruction of the information or data;
Interpretation „ The amount and nature of personal information held by the data controller is actually necessary in relation to the carrying out of the stated purpose of the data processing „ The information gathered and held ‟ must not be excessive and ‟ must be relevant to the Stated purpose. „ The processing of personal data must not exceed what may be objectively necessary.
Contd… • Must hold the minimum amount of information which enables the task to be performed • Must regularly seek to review the information as that which was adequate, may no longer be adequate and in fact be excessive • Not acceptable to hold information on the basis it will be useful in the future • This principle imposes an obligation on the data controller that the information collected must be adequate and relevant to fulfill the purpose for which it was collected
Contd… „ It must not be excessive in relation to the proposed used in question irrespective of whether the information is useful in the future. Example : Collecting the email addresses of students in order to contact them regarding a lecture series will be considered as relevant and adequate. But collecting their dates of birth for this purpose will be considered excessive.
Some Facts According to the Data Protection Act 1998: Legal Guidance „ Changes in circumstances or failure to keep the information up to date may mean that information that was originally adequate becomes inadequate. „ If the data are kept for longer than necessary then they may well be both irrelevant and excessive. „ In most cases, data controllers should be able to remedy possible breaches of the Principle by the erasure or addition of particular items of personal data so that the information is no longer excessive, inadequate, or irrelevant.
Contd… „ Data controllers should seek to identify the minimum amount of information that is required in order properly to fulfill their purpose and this will be a question of fact in each case. „ If it is necessary to hold additional information about certain individuals, such information should only be collected and recorded in those cases.
Cases Community Charge Registration Officer of Runnymede Borough Council v. Data Protection Registrar ( Case DA/90, 24/49/3 October 27, 1990) The Tribunal was asked to consider whether the holding by community charge registration officers of information about property types ( i.e. whether the property was a flat, bungalow, caravan, etc.) as part of the community charge register. The Tribunal found it was. They found this be the case even though there was unlikely to be any prejudice to the data subjects. They took the view public bodies which had the power to oblige people to provide personal information were under a particular onus to ensure that the information demanded was always adequate relevant and not excessive.
Cases Community Charge Registration Officer of Runnymede Borough Council v. Data Protection Registrar ( Case DA/90, 25/49/3 October 11, 1990) The Tribunal upheld a similar approach taken with respect to the holding of dates of birth. It was accepted, however, that the holding of dates of birth could be relevant in respect of those persons who would shortly become eligible to vote the age of 18.
The data controller should consider for all data : The number of individuals on whom information is held  The number of individuals for whom it is used  The nature of the personal data  The length of time it is held  The way it was obtained  The possible consequences for individuals of the holding or erasure of the data  The way in which it is used  The purpose for which it is held
References „ THE DATA PROTECTION ACT, 1998 „ Data Protection Act 1998: Legal Guidance; available from http://www.ico.gov.uk/upload/documents/library/data_protecti on/detailed_specialist_guides/data_protection_act_legal_guida nce.pdf „ Hamilton, Angus and Jay, Rosemary, Data Protection Act 1998 (UK: Sweet & Maxwell, 1999)
THANKS

Recommended

DPIA template
DPIA templateDPIA template
DPIA templateTommy Vandepitte
 
Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Axon Lawyers
 
Privacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataPrivacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataH. T. Besik
 
20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreements20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreementsBrussels Legal Hackers
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk- Mark - Fullbright
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Vishnu Kesarwani
 
Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Jon Rathbone
 

Recommended

DPIA template
DPIA templateDPIA template
DPIA templateTommy Vandepitte
 
Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Paperless Lab Academy 'legal aspects of big data analytics'
Paperless Lab Academy 'legal aspects of big data analytics' Axon Lawyers
 
Privacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataPrivacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataH. T. Besik
 
20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreements20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreementsBrussels Legal Hackers
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk- Mark - Fullbright
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Vishnu Kesarwani
 
Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Jon Rathbone
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
Access now : Data Protection: What you should know about it?
Access now : Data Protection: What you should know about it?Access now : Data Protection: What you should know about it?
Access now : Data Protection: What you should know about it?ANSItunCERT
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?NICSA
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)Kewal Pradhan
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Journal #1
Journal #1 Journal #1
Journal #1 Aziz Ahmad
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
Osio workshop: Data Protection Regulation and Health Care
Osio workshop: Data Protection Regulation and Health CareOsio workshop: Data Protection Regulation and Health Care
Osio workshop: Data Protection Regulation and Health CareVille Oksanen
 
20180305 the dayafter_bavovdh_cranium_dpo_pro
20180305 the dayafter_bavovdh_cranium_dpo_pro20180305 the dayafter_bavovdh_cranium_dpo_pro
20180305 the dayafter_bavovdh_cranium_dpo_proKoenraad FLAMANT
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018Webkul Software Pvt. Ltd.
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR BasicsElizabeth Dunne B.L. PC.dp
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance bookletGerardo Medina
 
Course 5: GDPR & Big Data by Sari Depreeuw
Course 5: GDPR & Big Data by Sari DepreeuwCourse 5: GDPR & Big Data by Sari Depreeuw
Course 5: GDPR & Big Data by Sari DepreeuwBetacowork
 
[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul LanoisAIIM International
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Michael Adamberry
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Part 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfPart 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfkiruthigajawahar6
 

More Related Content

What's hot

Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
Access now : Data Protection: What you should know about it?
Access now : Data Protection: What you should know about it?Access now : Data Protection: What you should know about it?
Access now : Data Protection: What you should know about it?ANSItunCERT
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?NICSA
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
Osio workshop: Data Protection Regulation and Health Care
Osio workshop: Data Protection Regulation and Health CareOsio workshop: Data Protection Regulation and Health Care
Osio workshop: Data Protection Regulation and Health CareVille Oksanen
 
20180305 the dayafter_bavovdh_cranium_dpo_pro
20180305 the dayafter_bavovdh_cranium_dpo_pro20180305 the dayafter_bavovdh_cranium_dpo_pro
20180305 the dayafter_bavovdh_cranium_dpo_proKoenraad FLAMANT
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance bookletGerardo Medina
 
Course 5: GDPR & Big Data by Sari Depreeuw
Course 5: GDPR & Big Data by Sari DepreeuwCourse 5: GDPR & Big Data by Sari Depreeuw
Course 5: GDPR & Big Data by Sari DepreeuwBetacowork
 
[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul LanoisAIIM International
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Michael Adamberry
 

What's hot (20)

Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
Access now : Data Protection: What you should know about it?
Access now : Data Protection: What you should know about it?Access now : Data Protection: What you should know about it?
Access now : Data Protection: What you should know about it?
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analytics
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
Journal #1
Journal #1 Journal #1
Journal #1
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)
 
Osio workshop: Data Protection Regulation and Health Care
Osio workshop: Data Protection Regulation and Health CareOsio workshop: Data Protection Regulation and Health Care
Osio workshop: Data Protection Regulation and Health Care
 
20180305 the dayafter_bavovdh_cranium_dpo_pro
20180305 the dayafter_bavovdh_cranium_dpo_pro20180305 the dayafter_bavovdh_cranium_dpo_pro
20180305 the dayafter_bavovdh_cranium_dpo_pro
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
 
Course 5: GDPR & Big Data by Sari Depreeuw
Course 5: GDPR & Big Data by Sari DepreeuwCourse 5: GDPR & Big Data by Sari Depreeuw
Course 5: GDPR & Big Data by Sari Depreeuw
 
[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois[AIIM18] GDPR: whose job is it now? - Paul Lanois
[AIIM18] GDPR: whose job is it now? - Paul Lanois
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
 

Similar to Third Principle Of The Data Protection Act, 1998 (Uk)

Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Part 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfPart 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfkiruthigajawahar6
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
the Death of Privacy in Three Acts
the Death of Privacy in Three Actsthe Death of Privacy in Three Acts
the Death of Privacy in Three ActsLilian Edwards
 
The Death of Privacy in Three Acts
The Death of Privacy in Three ActsThe Death of Privacy in Three Acts
The Death of Privacy in Three ActsLilian Edwards
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityEmerson Bryan
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy lawblogzilla
 
Revision Data Protection Act (Eduardo And Salvador)
Revision Data Protection Act (Eduardo And Salvador)Revision Data Protection Act (Eduardo And Salvador)
Revision Data Protection Act (Eduardo And Salvador)itgsabc
 
PLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics finalPLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics finalSofie van der Meulen
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02tinkusing
 
Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)David Lee
 
Continuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityContinuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityTokenEx
 
Medical device data protection and security
Medical device data protection and security Medical device data protection and security
Medical device data protection and security Erik Vollebregt
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowEamonnORagh
 
Hexagon presentation light.pptx
Hexagon presentation light.pptxHexagon presentation light.pptx
Hexagon presentation light.pptxPabRonaldCalanoc1
 

Similar to Third Principle Of The Data Protection Act, 1998 (Uk) (20)

Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Part 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfPart 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdf
 
Data protection act
Data protection act Data protection act
Data protection act
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
the Death of Privacy in Three Acts
the Death of Privacy in Three Actsthe Death of Privacy in Three Acts
the Death of Privacy in Three Acts
 
The Death of Privacy in Three Acts
The Death of Privacy in Three ActsThe Death of Privacy in Three Acts
The Death of Privacy in Three Acts
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy law
 
Revision Data Protection Act (Eduardo And Salvador)
Revision Data Protection Act (Eduardo And Salvador)Revision Data Protection Act (Eduardo And Salvador)
Revision Data Protection Act (Eduardo And Salvador)
 
PLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics finalPLA Legal aspects of Big Data analytics final
PLA Legal aspects of Big Data analytics final
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02
 
Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)
 
Continuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityContinuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric Security
 
Medical device data protection and security
Medical device data protection and security Medical device data protection and security
Medical device data protection and security
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To Know
 
Hexagon presentation light.pptx
Hexagon presentation light.pptxHexagon presentation light.pptx
Hexagon presentation light.pptx
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Third Principle Of The Data Protection Act, 1998 (Uk)

  • 1. THIRD PRINCIPLE OF THE DATA PROTECTION ACT, 1998 Vishnu Kesarwani IMS2007011 Bipin Kumar Ray IMS2007043 2nd Semester MS (Cyber Law & Information Security) IIIT-Allahabad
  • 2. History „ The Report of the Committee on Privacy (The Younger Report, 1972) : “(c) There should be minimum holding of Data for specified Purposes”. „ The Report of the Committee on Data Protection (The Lindop Report, 1978): In the interest of data subjects: “Personal data handled should be accurate and complete, and relevant and timely for the purpose for which they are used”
  • 3. Contd… „ OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 : Part Two ( Basic Principles of National Application), Collection Limitation Principle, Paragraph 8 : “8. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.” „ The Council of Europe Convention, 1981: “Personal data should be adequate relevant and not excessive in relation to the purposes to which the data are stored”
  • 4. Contd… „ The Data Protection Act, 1984: “Personal data should be adequate, relevant and not excessive in relation to those purposes.” „ Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data: CHAPTER II, SECTION I - PRINCIPLES RELATING TO DATA QUALITY Article 6(1)(c) stats : “Member States shall provide that personal data must be… adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed.”
  • 5. Third Principle Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  • 6. Key Words „ Personal Data „ Adequate „ Relevant „ Processing
  • 7. Personal Data According to Section 1(1) of the Data Protection Act, 1998 : “Personal data” means data which relate to a living individual who can be identified† (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
  • 8. Contd… „ What determines whether data relate to an individual? A question of fact Data related to two or more people Information in a business capacity legal entities „ Does the Act only relate to living individuals? Yes „ The individual must be capable of being identified. How does the Commissioner approach this issue? An individual may be “identified” without necessarily knowing the name and address of that particular individual.
  • 9. Contd… It is sufficient if the data are capable of being processed by the data controller to enable the data controller to distinguish the data subject from any other individual. an individual to be identified from data together with information “likely to come into the possession” of the data controller. „ What is meant by the expression “possession” in this context? possession does not necessarily mean that the identifying data are in the physical control of the data controller, or likely to come under his physical control
  • 10. Contd… This includes „ Names, „ Birthday „ Anniversary dates, „ Addresses, „ Telephone numbers, „ Fax numbers, „ e-mail addresses etc. It only applies to that data which is held, or intended to be held, on computers or held in a relevant felling
  • 11. Adequate Meaning : „ Sufficient „ equal to what is required „ suitable to the case or occasion
  • 12. Relevant Meaning : „ One fact is said to be relevant to another when the one is connected with the other in any of the ways „ Having a bearing on or connection with the matter at hand
  • 13. Processing According to Section 1(1) of the Data Protection Act, 1998 : “Processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including— (a) organization, adaptation or alteration of the information or data, (b) retrieval, consultation or use of the information or data, (c) disclosure of the information or data by transmission, dissemination or otherwise making available, or (d) alignment, combination, blocking, erasure or destruction of the information or data;
  • 14. Interpretation „ The amount and nature of personal information held by the data controller is actually necessary in relation to the carrying out of the stated purpose of the data processing „ The information gathered and held ‟ must not be excessive and ‟ must be relevant to the Stated purpose. „ The processing of personal data must not exceed what may be objectively necessary.
  • 15. Contd… • Must hold the minimum amount of information which enables the task to be performed • Must regularly seek to review the information as that which was adequate, may no longer be adequate and in fact be excessive • Not acceptable to hold information on the basis it will be useful in the future • This principle imposes an obligation on the data controller that the information collected must be adequate and relevant to fulfill the purpose for which it was collected
  • 16. Contd… „ It must not be excessive in relation to the proposed used in question irrespective of whether the information is useful in the future. Example : Collecting the email addresses of students in order to contact them regarding a lecture series will be considered as relevant and adequate. But collecting their dates of birth for this purpose will be considered excessive.
  • 17. Some Facts According to the Data Protection Act 1998: Legal Guidance „ Changes in circumstances or failure to keep the information up to date may mean that information that was originally adequate becomes inadequate. „ If the data are kept for longer than necessary then they may well be both irrelevant and excessive. „ In most cases, data controllers should be able to remedy possible breaches of the Principle by the erasure or addition of particular items of personal data so that the information is no longer excessive, inadequate, or irrelevant.
  • 18. Contd… „ Data controllers should seek to identify the minimum amount of information that is required in order properly to fulfill their purpose and this will be a question of fact in each case. „ If it is necessary to hold additional information about certain individuals, such information should only be collected and recorded in those cases.
  • 19. Cases Community Charge Registration Officer of Runnymede Borough Council v. Data Protection Registrar ( Case DA/90, 24/49/3 October 27, 1990) The Tribunal was asked to consider whether the holding by community charge registration officers of information about property types ( i.e. whether the property was a flat, bungalow, caravan, etc.) as part of the community charge register. The Tribunal found it was. They found this be the case even though there was unlikely to be any prejudice to the data subjects. They took the view public bodies which had the power to oblige people to provide personal information were under a particular onus to ensure that the information demanded was always adequate relevant and not excessive.
  • 20. Cases Community Charge Registration Officer of Runnymede Borough Council v. Data Protection Registrar ( Case DA/90, 25/49/3 October 11, 1990) The Tribunal upheld a similar approach taken with respect to the holding of dates of birth. It was accepted, however, that the holding of dates of birth could be relevant in respect of those persons who would shortly become eligible to vote the age of 18.
  • 21. The data controller should consider for all data : The number of individuals on whom information is held  The number of individuals for whom it is used  The nature of the personal data  The length of time it is held  The way it was obtained  The possible consequences for individuals of the holding or erasure of the data  The way in which it is used  The purpose for which it is held
  • 22. References „ THE DATA PROTECTION ACT, 1998 „ Data Protection Act 1998: Legal Guidance; available from http://www.ico.gov.uk/upload/documents/library/data_protecti on/detailed_specialist_guides/data_protection_act_legal_guida nce.pdf „ Hamilton, Angus and Jay, Rosemary, Data Protection Act 1998 (UK: Sweet & Maxwell, 1999)