Charting the data protection labyrinth

This recent addition to the Law Society’s library carries with it the level of authority and practicality that one would expect from a publication jointly authored by three Legal 500-ranked barristers. They have brought and defended data protection, privacy and information law claims on behalf of clients ranging from private individuals and public bodies, to the Information Commissioner’s Office.

The largest section of the book (Part II) deals with current UK data protection laws. This may seem a little risky when one considers the fact that the Data (Use and Access) Bill had only just been laid before parliament at the date of the book’s publication, and had its third reading this week. In reality, while the new legislation will bring some changes, the practical need for the UK to retain its adequacy status under the EU GDPR is likely to mean that those who use this book to navigate their way around the current UK data protection landscape are unlikely to find themselves in unfamiliar territory when the act comes into force.

Part III, which covers ‘Misuse of Private Information and Breach of Confidence’, is an easy read, even for those, like me, whose exposure to and knowledge of such matters is limited to the media coverage which attaches to higher-profile cases. The sections detailing when the law will imply a reasonable expectation of privacy, and what constitutes ‘private information’, both strike the ideal balance between clarity and brevity.

A brief explanation of the constitutional principle which underlies the UK’s freedom of information legislation is included in Part IV, as are the practicalities of making and responding to FOI requests. Part V effectively mops up (almost in passing) related areas of law, such as confidentiality, intellectual property, privilege and disclosure, which are not covered in other sections.

Finally, Part VI looks at appeals and the enforcement of information law, setting out the available causes of action, and applicable time limits, before providing detailed practical guidance on bringing proceedings. The civil courts section goes as far as explaining those parts of the Civil Procedure Rules relevant to any such proceedings, available remedies, and the appeals process, with equal attention also given to an overview of the tribunal process.

The authors’ collective experiences of being on their feet, as advocates, dealing with these kinds of disputes import a level of confidence in their contributions which would perhaps not exist were their backgrounds entirely academic.

The real test of any practitioner’s text, of course, is how often it is likely to get used on a day-to-day basis. As with all things in legal practice, it needs to pay its way. I have had my copy of this book for a few months, and aside from the standard read-through for review purposes, I have already found myself referring to it regularly to deal with some of the routine UK GDPR queries which crop up in my day job as a risk and compliance solicitor.

To date, it has not disappointed.

Sean Gordon is a risk and compliance solicitor