REFERENCES

Guidelines for the Regulation of Computerized Personal Data Files, adopted by General Assembly resolution 45/95 of 14 December 1990 .

Recommendation of the Council of the OECD concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 23 September 1980 .

Council of Europe Convention on the Protection of Individuals with Regard to Automatic Processing of Personal Data, 28 January 1981 .

Directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 95/46/EC.

S.D. Warren and L.D. Brandies ( 1890 ) The right to privacy, Harvard Law Review, 4 ( 5 ).

A v. B & C [2002] EWCA Civ 337 , 11 March 2002 .

v. Peck United Kingdom, European Court of Human Rights, 28 January 2003 .

v. Campbell Mirror Group Newspapers, [2004] UKHL 22, 6 May 2004 .

v. Von Hannover , Germany, European Court of Human Rights, 24 June 2004 .

v. Douglas Hello! Ltd (No 2), [2005] EWCA Civ 595, 18 May 2005 .

Council of Europe Recommendation 509 on human rights and modern scientific and technological developments, 31 January 1968 .

Council of Europe Resolution (74) 29 on the protection of the privacy of individuals vis-à-vis electronic data banks in the public sector, 20 September 1974 .

Council of Europe Resolution (73) 22 on the protection of the privacy of individuals vis-à-vis electronic data banks in the private sector, 26 September 1973 .

Council of Europe Resolution (74) 29 on the protection of the privacy of individuals vis-à-vis electronic data banks in the public sector, 20 September 1974 .

Recommendation of the Council of the OECD concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 23 September 1980 .

Council of Europe Convention on the Protection of Individuals with Regard to Automatic Processing of Personal Data, 28 January 1981 .

Commission of 29 July 1981 relating to the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data (81/679/EEC).

Commission proposal for the Data Protection Directive, 1990 .

Directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 95/46/EC.

Commission’s first report on the implementation of the Data Protection Directive, 15 May 2003 .

v. Campbell Mirror Group Newspapers, [2004] 6 May 2004 .

v. Douglas Hello! Ltd (No 2), [2005] EWCA Civ 595, 18 May 2005 .

A v. B & C [2002] EWCA Civ 337, 11 March 2002 .

v. Bodil Lindqvist Åklagarkammaren i Jönköping, (Case C-101/01) [ 2004 ] 1 CMLR 20 ECJ.

Directive of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector 97/66/EC.

Directive of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 2002/58/EC.

Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.

Article 29 Working Party Working Document on Genetic Data, WP 91, 17 March 2004 .

Article 29 Working Party Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC, 27 February 2004 .

Article 29 Working Party Opinion 2/2003 on the application of the data protection principles to the Whois Directory, 13 June 2006 .

Article 29 Working Party Opinion 4/2003 on the level of protection ensured in the US for the transfer of passengers’ data, 13 June 2003 .

v. Durant Financial Services Authority [2004] EWCA Civ 1746, 8 December 2003 .

Commission’s first report on the implementation of the Data Protection Directive, 15 May 2003 .

v. Bodil Lindqvist Åklagarkammaren i Jönköping, (Case C-101/01) [ 2004 ] 1 CMLR 20 ECJ.

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

Recommendation of the Council of the OECD concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 23 September 1980 .

v. Smith Lloyds TSB Bank Plc [ 2005 ] EWHC 246 (Ch), 23 February 2005 .

v. Campbell Mirror Group Newspapers [ 2003 ] EWCA Civ 1372, 14 October 2002 . This is the judgement of the Court of Appeal.

v. Johnson Medical Defence Union [ 2006 ] EWHC 321 (Ch), 3 March 2006 .

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

Information Commissioner ( 2006 ) The ‘Durant’ case and the impact of the Data Protection Act 1998,available www.ico.gov.uk.

Information Commissioner ( 2005 ) A strategy for data protection regulatory action, available www.ico.gov.uk.

Data Protection (Processing of Sensitive Personal Data) Order 2000, SI 2000/417.

v. Johnson Medical Defence Union [ 2006 ] EWHC 321 (Ch), 3 March 2006 .

CNN Credit Systems Ltd v. The Data Protection Registrar, Data Protection Tribunal, 15 February 1991 .

v. Campbell Mirror Group Newspapers [ 2003 ] EWCA Civ 1372, 14 October 2002 .

v. Lloyds Smith TSB Bank Plc [ 2005 ] EWHC 246 (Ch), 23 February 2005 .

v. Johnson Medical Defence Union [ 2004 ] EWHC 347 (Ch), 20 February 2004 .

v. Harper The Information Commissioner [ 2005 ] EA/2005/0001, 14 November 2005 This case can be downloaded from the Information Tribunal website: www.informationtribunal.gov.uk.

v. Skjevesland Geveran Trading Co Ltd [ 2002 ] EWCA Civ 1567, 30 October 2002 .

Article 29 Working Party Working Document on determining the international application of EU data protection law to personal data processing on the Internet by non-EU based web sites, WP 56, 30 May 2002

Information Commissioner(n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

Information Commissioner(n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

Innovations (Mail Order) Ltd v. The Data Protection Registrar, Data Protection Tribunal, 29 September 1993 .

Linguaphone Institute Ltd v. The Data Protection Registrar, Data Protection Tribunal, 14 July 1995 .

British Gas Trading Ltd v. Data Protection Registrar, Data Protection Tribunal, 24 March 1998 .

Midlands Electricity Plc v. The Data Protection Registrar, Data Protection Tribunal, 7 May 1999 .

v. Johnson Medical Defence Union [ 2006 ] EWHC 321 (Ch), 3 March 2006 .

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

v. Johnson Medical Defence Union [ 2006 ] EWHC 321 (Ch), 3 March 2006 .

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

Data Protection (Conditions under Paragraph 3 of Part II of Schedule 1) Order 2000, SI 2000/186.

Data Protection (Conditions under Paragraph 3 of Part II of Schedule 1) Order 2000, SI 2000/186.

CNN Credit Systems Ltd v. The Data Protection Registrar , Data Protection Tribunal, 15 February 1991 .

Infolink Ltd v. The Data Protection Registrar, Data Protection Tribunal, 28 February 1992 .

Credit and Data Marketing Services Ltd v. The Data Protection Registrar, Data Protection Tribunal, 15 October 1991 .

Innovations (Mail Order) Ltd v. The Data Protection Registrar, Data Protection Tribunal, 29 September 1993 .

Linguaphone Institute Ltd v. The Data Protection Registrar, Data Protection Tribunal, 14 July 1995 .

British Gas Trading Ltd v. Data Protection Registrar, Data Protection Tribunal, 24 March 1998 .

Midlands Electricity Plc v. The Data Protection Registrar, Data Protection Tribunal, 7 May 1999 .

Directive of the European Parliament and of the Council of 12 July 2002 concerning the rocessing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 2002/58/EC.

Data Protection (Notification and Notification Fees) Regulations 2000, SI 2000/188.

Information Commissioner ( 2001 ) Notification handbook – A complete guide to notification, available www.ico.gov.uk.

Information Commissioner ( 2001 ) Notification exemptions – A self assessment guide, available www.ico.gov.uk.

Data Protection (Fees under section 19(7)) Regulations 2000, SI 2000/ 187.

Data Protection (Notification and Notification Fees) Regulations 2000, SI 2000/188.

Data Protection (Notification and Notification Fees) Regulations 2000, SI 2000/188.

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

v. Lloyds Smith TSB Bank Plc [ 2005 ] EWHC 246 (Ch), 23 February 2005 .

Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000, SI 2000/191.

Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000, SI 2000/191.

Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000, SI 2000/191.

Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000, SI 2000/191.

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

Consumer Credit (Credit Reference Agency) Regulations 2000, SI 2000/ 290.

Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004.

v. Johnson Medical Defence Union [ 2004 ] EWHC 2509 (Ch), 9 November 2004 .

Information Tribunal (Enforcement Appeals) Rules 2000, SI 2000/189.

The Data Protection (Subject Access Modification) (Health) Order 2000, SI 2000/413.

The Data Protection (Subject Access Modification) (Education) Order 2000, SI 2000/414.

The Data Protection (Subject Access Modification) (Social Work) Order 2000, SI 2000/415.

Data Protection (Designated Codes of Practice) (No 2) Order 2000, SI 2000/1864.

Information Commissioner ( 2005 ) Data protection good practice note – Subject access and employment references, available www.ico.gov.uk.

‘New guidance clarifies students’ rights to exam information’, Information Commissioner press release, 2 August 2005 ; Information Commissioner ( 2005 ) Data protection good practice note: Individuals’ rights of access to examination records, available www.ico.gov.uk.

Data Protection (Miscellaneous Subject Access Exemptions) Order 2000, SI 2000/419.

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

Community Charge Registration Officer Of Rhondda Borough Council v. Data Protection Registrar, Data Protection Tribunal, 11 October 1990 .

Community Charge Registration Officer of Runnymede Borough Council v. Data Protection Registrar, Community Charge Registration Officer of South Northamptonshire District Council v. Data Protection Registrar and Community Charge Registration Officer of Harrow Borough Council v. Data Protection Registrar, Data Protection Tribunal, 27 October 1990 .

The Chief Constables of West Yorkshire, South Yorkshire and North Wales Police v. The Information Commissioner, Information Tribunal, 12 October 2005 .

The Chief Constables of West Yorkshire, South Yorkshire and North Wales Police v. The Information Commissioner, Information Tribunal , 12 October 2005 .

Information Commissioner (2005) The Employment Practices Code , available www.ico.gov.uk.

Information Commissioner (n.d.) The Employment Practices Code: Supplementary guidance, available www.ico.gov.uk.

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, SI 2000/2699 .

European Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC, (2002/16/EC).

Information Commissioner’s authorization under Section 54(6) and Schedule 4, paragraph 9 of the DPA , 18 March 2003 .

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, available www.ico.gov.uk.

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance , available www.ico.gov.uk.

v. Bodil Lindqvist Åklagarkammaren i Jönköping, (Case C-101/01) [2004] 1 CMLR 20 ECJ.

Data Protection (Processing of Sensitive Personal Data) Order 2000, SI 2000/417.

Data Protection (Processing of Sensitive Personal Data) Order 2000, SI 2000/417.

Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order 2002, SI 2002/2905.

R (on the application of Alan Lord) v. The Secretary of State for the Home Department [ 2003 ] EWHC 2073, 1 September 2003 .

Data Protection (Processing of Sensitive Personal Data) Order 2000, SI 2000/417.

Directive of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 2002/58/EC.

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance , available www.ico.gov.uk .

Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426.

Directive of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 2002/58/EC.

Innovations (Mail Order) Ltd v. The Data Protection Registrar, Data Protection Tribunal, 29 September 1993 .

Linguaphone Institute Ltd v. The Data Protection Registrar, Data Protection Tribunal, 14 July 1995 .

British Gas Trading Ltd v. Data Protection Registrar, Data Protection Tribunal, 24 March 1998 .

Midlands Electricity Plc v. The Data Protection Registrar, Data Protection Tribunal, 7 May 1999 .

Information Commissioner (2005) Data protection good practice note – Electronic mail marketing, available www.ico.gov.uk.

Article 29 Working Party Working Document on transfers of personal data to third countries, applying Articles 25 and 26 of the EU data protection directive, WP 12, 24 July 1998 .

Available at www.export.gov/safeharbor/.

European Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (2000/520/EC).

European Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland (2000/ 518/EC).

European Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Hungary (2000/519/ EC).

European Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act (2002/2/EC).

European Commission Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina.

European Commission Decision of 21 November 2003 on the adequate protection of personal data in Guernsey (2003/821/EC).

European Commission Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man (2004/411/EC).

Aviation & Transport Security Act, 19 November 2001.

European Commission Decision of 14 May 2004 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the US Bureau of Customs and Border Protection (2004/535/EC).

Council Decision of 17 May 2004 on the conclusion of an agreement between the European Community and the US on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection (2004/496/EC).

Article 29 Working Party Opinion 1/2004 on the level of protection ensured in Australia for the transmission of Passenger Name Record data from airlines, 16 January 2005 .

Article 29 Working Party Opinion 1/2005 on the level of protection ensured in Canada for the transmission of Passenger Name Record and Advance Passenger Information from airlines, 19 January 2005 .

European Data Protection Supervisor v. Council of the European Communities, [ 2006 ], Case C-317/04.

European Data Protection Supervisor v. Commission of the European Communities, [ 2006 ] Case C-318/04.

Article 29 Working Party Working Document 74, Applying Article 26(2) of the EU Data Protection Directive to Binding Corporate Rules for international data transfer.

Article 29 Working Party Working Document Setting Forth a Co-Operation Procedure for Issuing Common Opinions on Adequate Safeguards Resulting From ‘Binding Corporate Rules’, WP 107, 14 April 2005 .

Article 29 Working Party Working Document establishing a model checklist application for approval of Binding Corporate Rules, WP 108, 14 April 2005 .

European Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC (2001/497/EC).

European Commission Decision of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries (2004/915/EC).

Article 29 Working Party Working Document on transfers of personal data to third countries, applying Articles 25 and 26 of the EU data protection directive, WP 12, 24 July 1998 .

Article 29 Working Party Opinion of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries.

European Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (2002/16/EC).

The authorizations are available on the Information Commissioner’s website: www.ico.gov.uk.

Directive of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector 97/66/EC.

Directive of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 2002/58/EC.

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, SI 2000/2699.

Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations.

Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.

Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426.

Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2004, SI 2004/1039.

Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002, SI 2002/1931.

Regulation of Investigatory Powers (Conditions for the Lawful Interception of Persons outside the United Kingdom) Regulations 2004, SI 2004/157.

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, SI 2000/2699.

Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002, SI 2002/1931.

Regulation of Investigatory Powers (Communications Data) Order 2003, SI 12003/3172.

Retention of Communications Data (Code of Practice) Order 2003, SI 2003/3175.

Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.

v. Johnson Medical Defence Union [ 2006 ] EWHC 321 (Ch), 3 March 2006 .

v. Campbell Mirror Group Newspapers Limited [ 2002 ] EWHC 499 (QB), 27 March 2002 . This is the High Court judgement.

Information Commissioner (n.d.) Data Protection Act 1998 legal guidance, www.ico.gov.uk.

Article 29 Working Party Working Document: Judging industry self-regulation: when does it make a meaningful contribution to the level of data protection in a third country? 14 January 1998

Information Commissioner ( 2005 ) A strategy for data protection regulatory action, available www.ico.gov.uk.

‘New division gets tough with businesses over personal information’, Information Commissioner press release, 15 June 2005 .

‘One third of solicitors likely to be in breach of Data Protection Act’, Information Commissioner press release, 12 August 2005 .

The Information Commissioner’s annual reports are available from www.ico.gov.uk.

Information Tribunal (Enforcement Appeals) Rules 2000, SI 2000/189.

Data Protection (Notification and Notification Fees) Regulations 2000, SI 2000/188.

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

R. v. Lawrence AC 510 [ 1982 ]

Data Protection (Processing of Sensitive Personal Data) Order 2000, SI 2000/417.

v. Durant Financial Services Authority [ 2004 ] EWCA Civ 1746, 8 December 2003 .

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, SI 2000/2699.

Information Commissioner ( 2005 ) Employment Practices Code, available www.ico.gov.uk.

Information Commissioner ( 2004 ) CCTV systems and the Data Protection Act – Good practice note on when the Act applies, available www.ico.gov.uk.

Information Commissioner ( 2005 ) A strategy for data protection regulatory action, available www.ico.gov.uk.