Can websites contravene the Data Protection Act?
The European Court of Justice has given its ruling in the case of Lindqvist. Mrs Lindqvist created several pages on a website for her church group. The pages included information about the congregation including details of a members foot injury. Swedens data protection legislation (like the UKs Data Protection Act 1998) implements the EUs Data Protection Directive. The Directive prohibits the export of personal data outside the EU unless one of the exemptions apply. Mrs Lindquist was charged under the Swedish data protection legislation with the unauthorised transfer of personal data outside the EU. The ECJ ruled that the posting of the information on the website was a processing of personal data within the meaning of both the Directive and Swedens implementing legislation. Including the details of the foot injury was a processing of sensitive personal data and so was subject to tighter controls. Posting of the information to the website however was found not to be a transfer of data o
