Privacy & Information Security Law Blog

On September 4, 2014, the UK Information Commissioner’s Office (“ICO”) published guidance on data protection for the media entitled Data protection and journalism: a guide for the media (the “Guidance”).

The Guidance explains how the UK Data Protection Act 1998 (“DPA”) applies to journalism, provides advice on good practices for journalists and the media, and clarifies the role of the ICO in relation to the media. The Guidance follows the 2012 report on the Leveson Inquiry, which was created to investigate the culture, practices and ethics of the press and recommended that the ICO “take immediate steps, in consultation with the industry, to prepare and issue comprehensive good practice guidelines and advice on appropriate principles and standards to be observed by the press in the processing of personal data.”

The Guidance is split into three sections:

• Section 1 expands on the ICO’s paper Data protection and journalism: a quick guide, provides practical guidance on compliance with the basic principles of UK data protection law, and provides broad guidelines on the effect of the DPA in key areas.
• Section 2 contains technical guidance on certain key provisions of the DPA, with a particular focus on the interpretation and applicability of the exemption for journalism in the DPA. This section is aimed at those individuals with particular data protection compliance responsibilities and thus likely is more relevant for media organizations rather than freelance journalists.
• Section 3 details the role of the ICO in enforcing the DPA, and explains how the ICO handles complaints received under the DPA.

The Guidance is not legally binding and is intended to assist journalists and those working in the media to comply with existing law in the area. There are no direct consequences for failing to comply with the Guidance, unless the failure also is a breach of the DPA. The Guidance contains numerous practical tips and recommendations to comply with the DPA, and highlights particularly risky practices under the DPA, such as the use of covert methods of investigation.

Helpfully, the Guidance also refers to existing codes of practice where relevant, such as the Editors’ Code of Practice, the Ofcom Broadcasting Code and the BBC’s Editorial Guidelines, explaining how the media’s wider responsibilities relate to its obligations under the DPA.