This is a curious situation, not least for the connection with the Lindqvist case (case | commentary by Karen McCullagh via Jonathan Zittrain | a good summary from Findlaw), where the European Court of Justice interpreted the Data Protection Directive and found that the activities of nosy Lindqvist (who had posted what can only be described as relatively silly information about her neighbours on a website) were covered under the law and not exempted on the grounds of being purely personal.
The case reported in The Register deals with video (which inevitably ended up on GooTube). Now, of course, video is an important part of data protection, with (for example) CCTV use being restricted under the Directive. I do appreciate the fears of the council, which argued:
“The Council believes that the YouTube recording breaches the Data Protection Act, since the recording was made without the knowledge or consent of our member of staff” … “We have concerns that, because the case involves court proceedings, it could prejudice child protection and safeguarding outcomes.”
The expert quoted in the article argues that Lindqvist prevents the videor in this case from relying on an exemption. That is debatable, of course, but is on the face of it a strong point. (One should note that there has been no conviction or anything, but our GooTube friends have taken down the video. There’s a surprise).
Back to the Council’s worlds. First of all, the court proceedings issue just confuses the matter – if it exists, it can and should be dealt with outside the context of data protection law. Indeed, I think the valuable body of law that is data protection may not be appropriate as a general way of regulating video-on-the-Web.
In truth, the Data Protection Act is being wielded as a shield by the Council to control what information is being circulated about its activities (and I’m not judging the rights and wrongs of the actual dispute here, which seems both painful and controversial: some more on the context and on what is said in the video here), which seems quite far from the purpose of data protection law in general. I agree that ‘personal data’ should be given a broad interpretation, but when it comes to a State organisation using what may well be a figleaf of protecting the ‘data’ (presumably little more than the fact that the video is personal data in that it identifies a person, as surely the views expressed are corporate and not personal?) and using the handy data protection law as it’s the best tool at hand. My fear is that it is also a blunt tool, and that its use in this way may encourage other corporations and public authorities to protect their interests in this way – which in turn can undermine public confidence in data protection as a consumer/citizen/end-user shield.
At least we can’t blame this one on the European Convention, which as all good Tories know, eats your babies.