Protecting ‘privacy’ through control of ‘personal’ data processing: a flawed approach

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)
10 Downloads (Pure)


The development of a frontier-free internal market and of the so-called ‘information society’ have resulted in an increase in the flow of personal data between EU member states. To remove potential obstacles to such transfers, data protection legislation was introduced. One of the underpinning principles of Directive 95/46/EC is the protection of privacy. Yet, the legislation does not provide a conclusive understanding of the terms ‘privacy’ or ‘private’ data. Rather, privacy protection is to be achieved through the regulation of the conditions under which personal data may be processed. An assessment of whether, 10 years after the enactment of the Data Protection Act 1998 (DPA 1998), a coherent understanding of the concept of personal data exists, necessitated an analysis of the decisions in Durant v. FSA ([2003] EWCA Civ 1746) and CSA v. SIC ([2008] 1 WLR 1550, [2008] UKHL 47). Furthermore, in order to examine the effectiveness of the legislation, this article examines whether the term ‘personal’ is synonymous with the term ‘private’ data and whether control over processing of personal information protects privacy. By drawing on interviews with privacy and data protection experts, and from the findings of a survey of bloggers, it will be shown that a review of the assumptions and concepts underpinning the legislation is necessary.
Original languageEnglish
Pages (from-to)47-58
Number of pages12
JournalInternational Review of Law, Computers & Technology
Issue number1-2
Publication statusPublished - 2009

Cite this