| Data Protection Act 1984 (c. 35) |
| 1984 Chapter c.35 - continued |
|
 |
|
| |
PART V |
| |
GENERAL |
| General duties of Registrar. |
36. - (1) It shall be the
duty of the Registrar so to perform his functions under this Act as to
promote the observance of the data protection principles by data users
and persons carrying on computer bureaux.
|
| |
(2) The Registrar may consider any complaint
that any of the data protection principles or any provision of this Act
has been or is being contravened and shall do so if the complaint appears
to him to raise a matter of substance and to have been made without undue
delay by a person directly affected; and where the Registrar considers
any such complaint he shall notify the complainant of the result of his
consideration and of any action which he proposes to take.
|
| |
(3) The Registrar shall arrange for the
dissemination in such form and manner as he considers appropriate of such
information as it may appear to him expedient to give to the public about
the operation of this Act and other matters within the scope of his functions
under this Act and may give advice to any person as to any of those matters.
|
| |
(4) It shall be the duty of the Registrar,
where he considers it appropriate to do so, to encourage trade associations
or other bodies representing data users to prepare, and to disseminate
to their members, codes of practice for guidance in complying with the
data protection principles.
|
| |
(5) The Registrar shall annually lay
before each House of Parliament a general report on the performance of
his functions under this Act and may from time to time lay before each
House of Parliament such other reports with respect to those functions
as he thinks fit.
|
| Co-operation between parties to Convention. |
37. The Registrar shall be
the designated authority in the United Kingdom for the purposes of Article
13 of the European Convention; and the Secretary of State may by order
make provision as to the functions to be discharged by the Registrar in
that capacity.
|
| Application to government departments and
police. |
38. - (1) Except as provided
in subsection (2) below, a government department shall be subject to the
same obligations and liabilities under this Act as a private person; and
for the purposes of this Act each government department shall be treated
as a person separate from any other government department and a person
in the public service of the Crown shall be treated as a servant of the
government department to which his responsibilities or duties relate.
|
| |
(2) A government department shall not
be liable to prosecution under this Act but-
|
| |
(a) sections 5(3) and 15(2) above (and, so far as relating to those
provisions, sections 5(5) and 15(3) above) shall apply to any person who
by virtue of this section falls to be treated as a servant of the government
department in question; and
|
| |
(b) section 6 (6) above and paragraph 12 of Schedule 4 to this Act
shall apply to a person in the public service of the Crown as they apply
to any other person.
|
| |
(3) For the purposes of this Act-
|
| |
(a) the constables under the direction and control of a chief officer
of police shall be treated as his servants; and
|
| |
(b) the members of any body of constables maintained otherwise than
by a police authority shall be treated as the servants-
|
| |
(i) of the authority or person by whom that body is maintained, and
|
| |
(ii) in the case of any members of such a body who are under the direction
and control of a chief officer, of that officer.
|
| |
(4) In the application of subsection
(3) above to Scotland, for the reference to a chief officer of police there
shall be substituted a reference to a chief constable.
|
| |
(5) In the application of subsection
(3) above to Northern Ireland, for the reference to a chief officer of
police there shall be substituted a reference to the Chief Constable of
the Royal Ulster Constabulary and for the reference to a police authority
there shall be substituted a reference to the Police Authority for Northern
Ireland.
|
| Data held, and services provided, outside
the United Kingdom. |
39. - (1) Subject to the following
provisions of this section, this Act does not apply to a data user in respect
of data held, or to a person carrying on a computer bureau in respect of
services provided, outside the United Kingdom.
|
| |
(2) For the purposes of subsection (1)
above-
|
| |
(a) data shall be treated as held where the data user exercises the
control referred to in subsection (5) (b) of section 1 above in relation
to the data; and
|
| |
(b) services shall be treated as provided where the person carrying
on the computer bureau does any of the things referred to in subsection
(6) (a) or (b) of that section.
|
| |
(3) Where a person who is not resident
in the United Kingdom-
|
| |
(a) exercises the control mentioned in paragraph (a) of subsection
(2) above; or
|
| |
(b) does any of the things mentioned in paragraph (b) of that subsection,
|
| |
through a servant or agent in the United Kingdom, this Act
shall apply as if that control were exercised or, as the case may be, those
things were done in the United Kingdom by the servant or agent acting on
his own account and not on behalf of the person whose servant or agent
he is.
|
| |
(4) Where by virtue of subsection (3)
above a servant or agent is treated as a data user or as a person carrying
on a computer bureau he may be described for the purposes of registration
by the position or office which he holds; and any such description in an
entry in the register shall be treated as applying to the person for the
time being holding the position or office in question.
|
| |
(5) This Act does not apply to data processed
wholly outside the United Kingdom unless the data are used or intended
to be used in the United Kingdom.
|
| |
(6) Sections 4(3)(e) and 5(2)(e) and
subsection (1) of section 12 above do not apply to the transfer of data
which are already outside the United Kingdom; but references in the said
section 12 to a contravention of the data protection principles include
references to anything that would constitute such contravention if it occurred
in relation to the data when held in the United Kingdom.
|
| Regulations, rules and orders. |
40. - (1) Any power conferred
by this Act to make regulations, rules or orders shall be exercisable by
statutory instrument.
|
| |
(2) Without prejudice to sections 2(6)
and 29(3) above, regulations, rules or orders under this Act may make different
provision for different cases or circumstances.
|
| |
(3) Before making an order under any
of the foregoing provisions of this Act the Secretary of State shall consult
the Registrar.
|
| |
(4) No order shall be made under section
2(3), 4(8), 29, 30 or 34(2) above unless a draft of the order has been
laid before and approved by a resolution of each House of Parliament.
|
| |
(5) A statutory instrument containing
an order under section 21 (9) or 37 above or rules under paragraph 4 of
Schedule 3 to this Act shall be subject to annulment in pursuance of a
resolution of either House of Parliament.
|
| |
(6) Regulations prescribing fees for
the purposes of any provision of this Act or the period mentioned in section
8(2) above shall be laid before Parliament after being made.
|
| |
(7) Regulations prescribing fees payable
to the Registrar under this Act or the period mentioned in section 8 (2)
above shall be made after consultation with the Registrar and with the
approval of the Treasury; and in making any such regulations the Secretary
of State shall have regard to the desirability of securing that those fees
are sufficient to offset the expenses incurred by the Registrar and the
Tribunal in discharging their functions under this Act and any expenses
of the Secretary of State in respect of the Tribunal.
|
| General interpretation. |
41. In addition to the provisions
of sections 1 and 2 above, the following provisions shall have effect for
the interpretation of this Act-
|
| |
"business" includes any trade or profession;
|
| |
"data equipment" means equipment for the automatic processing of data
or for recording information so that it can be automatically processed;
|
| |
"data material" means any document or other material used in connection
with data equipment;
|
| |
"a de-registration notice" means a notice under section 11 above;
|
| |
"enactment" includes an enactment passed after this Act;
|
| |
"an enforcement notice" means a notice under section 10 above;
|
| |
"the European Convention" means the Convention for the Protection of
Individuals with regard to Automatic Processing of Personal Data which
was opened for signature on 28th January 1981;
|
| |
"government department" includes a Northern Ireland department and
any body or authority exercising statutory functions on behalf of the Crown;
|
| |
"prescribed" means prescribed by regulations made by the Secretary
of State;
|
| |
"the Registrar" means the Data Protection Registrar;
|
| |
"the register", except where the reference is to the register of companies,
means the register maintained under section 4 above and (except where the
reference is to a registered company, to the registered office of a company
or to registered post) references to registration shall be construed accordingly;
|
| |
"registered company" means a company registered under the enactments
relating to companies for the time being in force in any part of the United
Kingdom;
|
| |
"a transfer prohibition notice" means a notice under section 12 above;
|
| |
"the Tribunal" means the Data Protection Tribunal.
|
| Commencement and transitional provisions. |
42. - (1) No application for
registration shall be made until such day as the Secretary of State may
by order appoint, and sections 5 and 15 above shall not apply until the
end of the period of six months beginning with that day.
|
| |
(2) Until the end of the period of two
years beginning with the day appointed under subsection (1) above the Registrar
shall not have power-
|
| |
(a) to refuse an application made in accordance with section 6 above
except on the ground mentioned in section 7(2)(a) above; or
|
| |
(b) to serve an enforcement notice imposing requirements to be complied
with, a de-registration notice expiring, or a transfer prohibition notice
imposing a prohibition taking effect, before the end of that period.
|
| |
(3) Where the Registrar proposes to serve
any person with an enforcement notice before the end of the period mentioned
in subsection (2) above he shall, in determining the time by which the
requirements of the notice are to be compiled with, have regard to the
probable cost to that person of complying with those requirements.
|
| |
(4) Section 21 above and paragraph 1
(b) of Schedule 4 to this Act shall not apply until the end of the period
mentioned in subsection (2) above.
|
| |
(5) Section 22 above shall not apply
to damage suffered before the end of the period mentioned in subsection
(1) above and in deciding whether to refuse an application or serve a notice
under Part II of this Act the Registrar shall treat the provision about
accuracy in the fifth data protection principle as inapplicable until the
end of that period and as inapplicable thereafter to data shown to have
been held by the data user in question since before the end of that period.
|
| |
(6) Sections 23 and 24(3) above shall
not apply to damage suffered before the end of the period of two months
beginning with the date on which this Act is passed.
|
| |
(7) Section 24 (1) and (2) above shall
not apply before the end of the period mentioned in subsection (1) above.
|
| Short title and extent. |
43. - (1) This Act may be
cited as the Data Protection Act 1984.
|
| |
(2) This Act extends to Northern Ireland.
|
| |
(3) Her Majesty may by Order in Council
direct that this Act shall extend to any of the Channel Islands with such
exceptions and modifications as may be specified in the Order.
|
