Book Review: Data Protection Law & Practice

July 25, 2013

Surprisingly, there seems to be no previous SCL review of any edition of Rosemary Jay’s tome, now in its 4th edition. And tome it certainly is, weighing in at over 3.5 pounds according to my trusty kitchen scales. It is also 2.5 inches thick and 1,008 pages long; not one to cart around for a light read! Hardcover only, bearing a princely price tag of £245, this book is clearly aimed at practitioners, and seems intended mainly as a reference work. For example, most chapters start with an introduction and summary of main points, and end with a list of additional materials or other information. 

The book is based on the author’s experience of over 25 years in data protection and information law. She joined the UK regulator in 1987 when it was the Office of the Data Protection Registrar, and is currently in private practice. Information Commissioner Christopher Graham wrote the preface; chapters were reviewed or commented upon by ex-colleagues at the ICO as well as a variety of other experts. 

There are 29 chapters and 7 appendices, including the texts of the Data Protection Directive and Data Protection Act 1998, but not all relevant statutory instruments (which, to be fair, might have made the book unmanageably large). As well as data protection law, its chapters cover broader privacy-related topics, notably privacy rights under the Human Rights Act 1998 and remedies for misuse of private information (ie European Convention on Human Rights, Articles 8 and 10); electronic communications and the Privacy and Electronic Communications (EC Directive) Regulations 2003; monitoring of communications, interception and access to encrypted data; retention of communications data; and access to criminal records and enforced subject access. A final chapter deals with data protection law in the Channel Islands and Isle of Man. 

Most of this book was written by Rosemary Jay herself. Some chapters are by guest contributors (with Chris Pounder of privacy training firm Amberhawk also contributing generally):

– overseas or cross-border transfers of personal data – William Malcolm, Google UK privacy counsel

– subject access – Ellis Parry, BP global lead, data privacy

– research – Ellis Parry

– freedom of information and personal data – Sue Cullen, director, Amberhawk. 

For those possessing the 3rd edition, there are new chapters on data-sharing, security obligations and use of data processors, and the Commissioner’s enforcement powers (including monetary penalty notices), plus one on certain relevant case law of the European Court of Justice on data protection. Dotted throughout is some coverage of the possible impact of the draft Data Protection Regulation and/or Directive. This edition seems based on the law at October 2012, so does not incorporate later information regarding European Parliament or Council views on those drafts. 

This book could include more meat for academic teeth. But given its wide scope and its already huge size, and of course the fact that it does not primarily target academics, the lack of detailed discussion of theoretical issues is not unexpected. Of the practitioner books that concentrate on UK law, this is the best I have read, and certainly the most comprehensive. (For a wider EU perspective, I prefer Christopher Kuner’s European Data Protection Law: Corporate Compliance and Regulation, which also covers some policy issues.) 

There are signs of a rush to press, eg Chapter 8’s footnote 4 only had a placeholder for a Spanish case on banning transfers (which I’d love to hear more about, if anyone knows?), and the Pro Life Alliance case is mentioned in the FOI context but not anonymisation. However, the biggest issues are more about delivery than content. This book merited more care by Sweet & Maxwell. The contents list at http://www.sweetandmaxwell.co.uk/Catalogue/ProductDetails.aspx?productid=568065&recordid=5046#tabs-2 not only contains misspellings (as does the book itself), but clearly relates to the 3rd edition, not the 4th. Similarly with the web page at http://www.sweetandmaxwell.co.uk/dataprotection/. Furthermore, this sort of book cries out for a searchable electronic version, not just for length but also accessibility reasons (one appendix sports font sizes so small and light and spacing so tight that my highly myopic, increasingly ageing, eyes begged for mercy after a few lines). Without searchability, the referencing, cross-referencing and indexing all needed to be significantly more comprehensive to make this book fully useable as a reference work. For example, the Naomi Campbell case is mentioned several times, but the Table of Cases only lists one instance, while mentions of the Mosley case are not always footnoted with citations or cross-references. Hopefully the 5th edition might bring us not only an electronic version, but perhaps also periodic online updates via Sweet & Maxwell’s website? 

Kuan Hon (reviewed in a purely personal capacity). Full disclosure: I know Rosemary, Sue, Chris and some of the people who reviewed draft chapters.