The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
2.16 Deputy T.M. Pitman of H.M. Attorney General regarding prosecutions under the Data Protection (Jersey) Law 2005:
Does the Attorney General make decisions on prosecutions under the Data Protection (Jersey) Law 2005 in place of the Data Protection Commissioner when that individual is conflicted? Could he explain what the difference is between a regulatory and a criminal breach of the Data Protection Law?
The Attorney General:
The Data Protection (Jersey) Law 2005 is a complex piece of legislation and is difficult to summarise its approach in the ambit of an answer to an oral question. A regulatory breach of the law, for example, a contravention of one or more of the data protection principles under Article 40 is a matter for the office of the Data Protection Commissioner alone. In the event that the Commissioner is or may be conflicted such
a decision would, as I understand it, be taken by the Deputy Data Protection Commissioner. Before taking action the Office of the Commissioner, or Deputy
Commissioner as the case may be, can take legal advice, either from a member of my department or from the private sector. Where an offence under the law may have been committed, for example, a failure to notify under Articles 17 and 21, or unlawful obtaining of data under Article 55, my consent, under Article 61 of the law is required before any prosecution is brought. While the question of whether or not to bring a prosecution is ultimately one for the Attorney General, a decision not to prosecute does not prevent the Commissioner from then dealing with the matter on a regulatory basis. As a matter of good practice the Data Protection Commissioner will consult with me when she is considering a possible breach of the law which might, in her view, result in criminal proceedings being instituted.
[11:15]
- Deputy T.M. Pitman:
I thank the Attorney General for his very extensive answer. Could the Attorney General then subsequently clarify whether or not, as a States Member, if I were to receive documents belonging to a third party, receive them without their knowing and yet failed to notify the Data Protection Commissioner, would I be breaching either a regulatory or a criminal aspect of Data Protection law?
The Attorney General:
It is a difficult question to answer on the very bald statement of the potential facts. It seems to me that there may be no breach at all, or there may be a regulatory breach, or there may be a criminal breach, depending upon the detailed circumstances in which the information came into the possession of the individual concerned and what use was made of it.
Deputy T.M. Pitman:
May I just say, spoken like a true lawyer, thank you.
- Deputy C.F. Labey of Grouville :
What means of appeal does an individual have against decisions taken or made by the Data Protection Commissioner?
The Attorney General:
Decisions of a regulatory nature taken by the Data Protection Commissioner can be appealed to the Data Protection Tribunal under the law, part 5.