Skip to main content

Internet: Data Protection

Volume 475: debated on Tuesday 13 May 2008

To ask the Secretary of State for Business, Enterprise and Regulatory Reform if he will bring forward legislative proposals to prohibit the re-publication without the subject’s permission of images of persons posted on social networking sites; and if he will make a statement. (199411)

[holding answer 21 April 2008]: The use of computerised personal information in the United Kingdom is regulated by the Data Protection Act 1998. The Information Commissioner who administers and enforces the Act independently of the Government. The Act does not prohibit the dissemination of personal data to third parties, including via the internet, but it regulates the circumstances in which this can take place through a code of enforceable good practice principles. Among other things, they require personal data to be processed fairly and lawfully, obtained only for specified and lawful purposes, and not further processed incompatibly with those purposes.

Any directly affected person may ask the Information Commissioner to assess whether it is likely or unlikely that any processing of personal data has been or is being earned out in compliance with the Act. If the Commissioner concludes that any of the Act’s principles are being breached, it is open to him to take enforcement action against the organisation concerned.