In a recent article entitled Unlawful Obtaining of Personal Data posted to this website, we explained the nature of and the powers conferred upon the Information Commissioner’s Office (‘ICO’) by the Data Protection Act 2018 (‘the Act’) and explained the operation of section 170 of the Act.

The Data Protection Act 2018 (‘the Act’) gives powers to the Information Commissioner’s Office (ICO) to impose penalties and also prosecute offenders, both corporate and individual, guilty of breaching data protection legislation.

The ICO is an independent authority that supervises privacy regulations in the United Kingdom. As well as investigating potential criminal offences, it can impose very significant fines for breaches of data regulations and oversees data protection.

John Veale of Kangs Solicitors now explains section 171 of the Act which specifically deals with the re-identification of de-identified personal data.

If you are, or anticipate, being investigated by the ICO in relation to any allegations of breach of any provisions of the Act, please feel free to call us for an initial no obligation confidential discussion:

The Section 171 Offence | Kangs Data Protection Offences Defence Solicitors

Section 171 of the Act states that it is an offence for a person knowingly or recklessly:

  • To re-identify information that is de-identified personal data without the consent of the controller responsible for de-identifying the personal data.
  • Personal data is ‘de-identified’ if it has been processed so that it can no longer be attributed, without more information, to a specific person/data subject.
  • A person ‘re-identifies’ information if they take steps which result in the information no longer being de-identified so that it can be attributed to a specific person/data subject.
  • To process personal data that is information that has been re-identified as part of an offence, where the person does so without the consent of the controller responsible for de-identifying the personal data.

The controller is the person who decides how/why to collect and use the data. The controller will thus usually be an organisation/company, but can be an individual as a sole trader.

Possible Defences | Kangs Data Protection Defence Solicitors 

Section 171 of the Act provides that it is a defence for a person charged to prove that the re-identification:

  • was necessary for the purposes of preventing or detecting crime,
  • was required or authorised by an enactment, rule of law, by order of a Court or Tribunal,
  • in the particular circumstances, was justified as being in the public interest,
  • was effected in the reasonable belief that there was consent of the subject/person to whom the information relates or such consent would have been given if the data subject had known about the re-identification and the circumstances of it,
  • there was reasonable belief that the controller responsible for de-identifying the personal data gave their consent or would have done so if that person had known about the re-identification and the circumstances of it,
  • was for special purposes, with a view to the publication of any journalistic, academic, artistic or literary material, and in the reasonable belief that in the particular circumstances the re-identification was justified as being in the public interest,
  • fell within the effectiveness testing provisions under section 172 of the Act.

Consequences of Conviction | Kangs ICO Investigations Solicitors

  • An offence under Section 171 of the Act can be dealt with either by a Magistrates’ or Crown Court with the imposition of a fine, which, in the case of a company, may be calculated according to its financial turnover.
  • Directors and others responsible for the control of companies and other organisations can also be prosecuted if they consented to or acted in connivance with the offending.

How Can We Help? | Kangs Criminal Defence Solicitors

If you are arrested or made subject to any investigation by the ICO, including any allegations involving Data Protection Offences, you should seek immediate expert legal advice and assistance to protect your interests as far as possible.

The team at Kangs Solicitors has a wealth of experience assisting clients facing allegations of Data Protection Act offences of every nature and if you require our help please do not hesitate to make contact through any of the following who will be pleased to hear from you:

Hamraj Kang
hkang@kangssolicitors.co.uk
07976 258171 | 020 7936 6396 | 0121 449 9888

John Veale
jveale@kangssolicitors.co.uk
0121 449 9888 | 020 7936 6396 | 07989 521210

Tim Thompson
tthompson@kangssolicitors.co.uk
020 7936 6396 | 0121 449 9888 | 07989 521210