法律英语词汇“data protection”的翻译、意思、用法、释义-法律词典

data protection
Safeguards relating to personal data, i.e. personal information about individuals that is stored on a computer and on “relevant manual filing systems”. In the UK the principles of data protection, the responsibilities of data controllers, and the rights of data subjects were set out in the Data Protection Act 1998, which came into force in 2000. The 1998 Act extended the operation of protection beyond computer storage, replaced the system of registration with one of notification, and demanded that the level of description by data controllers should be more general than the detailed coding system previously required. Under the Act, the eight principles of data protection are:

1. The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully.

2. Personal data shall be held only for specified and lawful purposes and shall not be used or disclosed in any manner incompatible with those purposes.

3. Personal data held for any purpose shall be relevant to that purpose and not excessive in relation to the purpose(s) for which it is used.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data held for any purpose shall not be kept longer than necessary for that purpose.

6. Personal data shall be processed in accordance with the rights of data subjects.

7. Appropriate technical and organizational measure shall be taken against unauthorized and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Data controllers must notify their processing of data (unless they are exempt) with the Information Commissioner. Notification is renewable annually; a controller who fails to notify his or her processing of data, or any changes that have been made since notification, commits a criminal offence.

The Information Commissioner can seek information from and ultimately take enforcement action against data controllers for noncompliance with their full obligations under the Act. Appeals against decisions of the Commissioner may be made to the Information Tribunal (now part of the General Regulatory Chamber of the First-tier Tribunal). Apart from non-notification, strict liability criminal offences created under the 1998 Act include:

• obtaining, disclosing (or bringing about the disclosure), or selling (or advertising for sale) personal data, without consent of the data controller;

• obtaining unauthorized access to data;

• asking another person to obtain access to data;

• failing to respond to an information and/or enforcement notice.

Data subjects had considerable rights conferred on them under the 1998 Act. They include:

• the right to find out what information is held about them;

• the right to seek a court order to rectify, block, erase, and destroy personal details if these are inaccurate, contain expressions of opinion, or are based on inaccurate data;

• the right to prevent processing where such processing would cause substantial unwarranted damage or substantial distress to themselves or anyone else;

• the right to prevent the processing of data for direct marketing;

• the right to compensation from a data controller for damage or damage and distress caused by any breach of the Act.

In May 2018 the Data Protection Act 1998 was replaced by a new Act implementing EU regulation 2016/699 (the General Data Protection Regulation; GDPR). The main changes are a broader definition of personal data and a greater emphasis on accountability and governance issues. Data controllers are required to demonstrate their compliance with the new Act by maintaining internal records of processing activities.