Privacy and Data Protection: The Legal Framework

Privacy and Data Protection: The Legal Framework

Obtaining and disclosing information gives rise to a number of potential legal issues. In addition to possible criminal penalties, there are a number of civil causes of action which may be available to those who feel their private or personal information has been unlawfully obtained, stored, or used. Public authorities are of course bound to act compatibly with the Human Rights Act 1998 (“HRA”). The relevant articles when considering privacy, reputation and disclosure are Articles 8 (right to family and private life) and Article 10 (freedom of expression).

Public authorities may find themselves subject to judicial review if they act incompatibly with these provisions. In addition, section 8 HRA provides for a private law remedy in the form of damages. There are, however, a number of additional private law causes of action also available.


The principle causes of action which this paper will consider are:

  • Claims under s.13 of the Data Protection Act 1998;
  • Misuse of private information / breach of confidence;
  • Claimants under the Protection from Harassment Act 1997.

Article 8 ECHR is incorporated into all of the above and will be relevant regardless of whether a public body is sued under the HRA itself. Additionally, paying public officials for information, or public authorities acting outside the scope of their powers may give rise to a tortious claim for misfeasance in public office, subject to being able to establish a deliberate intent to act unlawfully.

Author: Kirsten Sjøvoll

Publication date: April 25 2014