Statutory Instrument 2000 No. 186

The Data Protection (Functions of Designated Authority) Order 2000

(The document as of February, 2008. Arhiv.Online Library)

-- Back--

STATUTORY INSTRUMENTS

2000 No. 186

DATA PROTECTION

The Data Protection (Functions of Designated Authority) Order 2000

	Made	31st January 2000
	Laid before Parliament	7th February 2000
	Coming into force	1st March 2000

The Secretary of State, in exercise of the powers conferred upon him by sections 54(2) and 67(2) of the Data Protection Act 1998[1] and after consultation with the Data Protection Commissioner in accordance with section 67(3) of that Act, hereby makes the following Order:

Citation and commencement
1.This Order may be cited as the Data Protection (Functions of Designated Authority) Order 2000 and shall come into force on 1st March 2000.

Interpretation
2. - (1) In this Order:

"the Act" means the Data Protection Act 1998;

"foreign designated authority" means an authority designated for the purposes of Article 13 of the Convention by a party (other than the United Kingdom) which is bound by that Convention;

"register" means the register maintained under section 19(1) of the Act;

"request", except in article 3, means a request for assistance under Article 14 of the Convention which states -

and "requesting person" means a person making such a request.

    (2) In this Order, references to the Commissioner are to the Commissioner as the designated authority in the United Kingdom for the purposes of Article 13 of the Convention.

Co-operation between the Commissioner and foreign designated authorities
    3. - (1) The Commissioner shall, at the request of a foreign designated authority, furnish to that foreign designated authority such information referred to in Article 13(3)(a) of the Convention, and in particular the data protection legislation in force in the United Kingdom at the time the request is made, as is the subject of the request.

    (2) The Commissioner shall, at the request of a foreign designated authority, take appropriate measures in accordance with Article 13(3)(b) of the Convention, for furnishing to that foreign designated authority information relating to the processing of personal data in the United Kingdom.

    (3) The Commissioner may request a foreign designated authority to furnish to him or, as the case may be, to take appropriate measures for furnishing to him, the information referred to in Article 13(3) of the Convention.

Persons resident outside the United Kingdom
    4. - (1) This article applies where a person resident outside the United Kingdom makes a request to the Commissioner under Article 14 of the Convention, including a request forwarded to the Commissioner through the Secretary of State or a foreign designated authority, seeking assistance in exercising any of the rights under Article 8 of the Convention.

    (2) If the request -

the Commissioner shall notify the requesting person of the data controller's address for the receipt of notices from data subjects exercising their rights under that section and of such other information as the Commissioner considers necessary to enable that person to exercise his rights under that section.

(3) If the request indicates that a data protection principle has been contravened by a data controller the Commissioner shall either -

    (4) The Commissioner shall not be required, in response to any request referred to in paragraphs (2) and (3) above, to supply to the requesting person a duly certified copy in writing of the particulars contained in any entry made in the register other than on payment of such fee as is prescribed for the purposes of section 19(7) of the Act.

Persons resident in the United Kingdom
    5. - (1) Where a request for assistance in exercising any of the rights referred to in Article 8 of the Convention in a country or territory (other than the United Kingdom) specified in the request is made by a person resident in the United Kingdom and submitted through the Commissioner under Article 14(2) of the Convention, the Commissioner shall, if he is satisfied that the request contains all necessary particulars referred to in Article 14(3) of the Convention, send it to the foreign designated authority in the specified country or territory.

    (2) If the Commissioner decides that he is not required by paragraph (1) above to render assistance to the requesting person he shall, where practicable, notify that person of the reasons for his decision.

Restrictions on use of information
    6.Where the Commissioner receives information from a foreign designated authority as a result of either -

the Commissioner shall use that information only for the purposes specified in the request.

Mike O'Brien
Parliamentary Under-Secretary of State

Home Office
31st January 2000

EXPLANATORY NOTE

(This note is not part of the Order)

Section 54(1) of the Data Protection Act 1998 provides that the Data Protection Commissioner ("the Commissioner") shall continue to be the designated authority in the United Kingdom for the purposes of Article 13 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data which was opened for signature on 28th January 1981 ("the Convention"). Section 54(2) provides that the Secretary of State may by order make provision as to the functions to be discharged by the Commissioner in that capacity.

This Order specifies those functions. In particular, article 3 requires the Commissioner to furnish particular information to the designated authorities in other Convention countries and also provides that he may request such authorities to furnish him with information. Article 4 requires the Commissioner to assist persons resident outside the United Kingdom in exercising certain of their rights under Part II of the Act. In the circumstances specified in article 4(2), he is required to notify a resident outside the United Kingdom of certain of the rights and remedies available under Part II of the Act or to treat any request made to him by such a resident as a request for an assessment to be dealt with under section 42 of the Data Protection Act 1998. Article 5 provides that if a request for assistance in exercising, inter alia, rights of access to personal data in a Convention country is made by a person resident in the United Kingdom and submitted to the Commissioner, the Commissioner will send the request to the designated authority in that country.

The Convention is published in the Treaty Series at no. 86 of 1990, Cm 1329. It entered into force in respect of the United Kingdom on 1st December 1987.

A Regulatory Impact Assessment was prepared for the Data Protection Bill as it was then and the statutory instruments to be made under it, and was placed in the libraries of both Houses of Parliament. The Regulatory Impact Assessment is now available on the internet at www.homeoffice.gov.uk. Alternatively, copies can be obtained by post from the Home Office, LGDP Unit, 50 Queen Anne's Gate, London SW1 9AT.

Notes:

[1] 1998 c. 29.back

ISBN 0 11 085859 X

-- Back--

<<<< >>>>

Stat