If you were thinking it had become a little quiet around here then you were right - I've spent the last week in the induction phase of the Bar Vocational Course. After a year doing an LLM that was concerned with specific areas of almost entirely civil law I am having to revisit the whole wider legal spectrum, including that 'criminal' stuff I dimly remember from W201. However, this doesn't mean any less interest in lawblogging on IT and IP law; to the contrary, I am keen to keep myself abreast of my intending area of specialisation.
Something that did catch my eye last week was this story on how Marks & Spencer claimed that the Data Protection Act meant that it could not talk to the mother of a child who had received a defective Superman costume as a gift and insisted on speaking directly to the seven-year-old boy himself. As this item in The Times notes, this is just the latest in a depressingly long line of examples of how the DPA is being misinterpreted and overzealously applied whilst agencies of HM Government - who really should be applying its requirements stringently - repeatedly mislay vast swathes of sensitive personal data. For my part, I would go further; it is hard to avoid the suspicion that the DPA is being invoked to excuse laziness, conceal incompetence and in some cases to indulge in pure administrative bloody-mindedness. In one instance I'm personally aware of, a building management company refused to release financial records on income and expenditure on the grounds of 'data protection' despite the clear statutory requirements of ss.21-22 Landlord and Tenant Act 1985 to do so. In the M&S case, surely common sense should have dictated that the parent or guardian of a minor is the appropriate person to speak to? But no, the bogeyman of Data Protection is offered up instead.
In wider terms, this is symptomatic of a worrying tendency (I almost said 'trend', but I suspect it has long been thus) for people to assume that, because they are dimly aware that a certain area is regulated by law, any conduct impinging on that area is forbidden. The more that the legal regulation is publicised, the more prevalent and extensive this assumption becomes. We see this in the vexed issue of public photography, where anti-terrorism campaigns and hysterical news coverage have had the (I hope) unintended effect of convincing security guards and members of the public that anyone with a moderately decent camera is either a terrorist or a paedophile. Unfortunately, this suggests that the more we see of well-justified news stories about data protection failings, the more we might hear of shop assistants invoking the DPA.
Posts on this blog represent my opinion. It may be my considered opinion on the basis of my formal study of law and technology. But it is not legal advice. It must not be treated as, or acted upon as, legal advice and no liability is accepted for doing so.