Tweet
Is this true? Defendant Reply with this:
"The Claimant claims that Defendant has breached the “1st, 4th and 7th principles of the Data Protection Act 2018” in relation to Application Data related to the Claimant (the “Claimant Data”). Defendant assumes this refers to Articles 5(1) and 5(2) of the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018), as such principles are mirrored in Part 3, Chapter 2 of the Data Protection Act 2018. However, it is the data controller in relation to the Claimant Data that is responsible for, and must be able to demonstrate, compliance with such principles, including the 1st principle that processing must be lawful and fair and the 4th principle that personal data be accurate and kept up to date (please refer to the aforementioned provisions of the UK GDPR and the Data Protection Act 2018 and in particular the accountability principle at Articles 5(2) of the UK GDPR, which we assume is the “7th principle of the Data Protection Act” referred to by the Claimant). 4. Under the UK GDPR, the Claimant can only bring a claim directly against the Defendant if the Defendant has acted outside or contrary to the lawful instructions of the data controller of the Claimant Data. Defendant has at all times acted in accordance with the instructions of the data controller of the Claimant Data and the Claimant therefore has no grounds to bring any claim against Defendant in relation to the processing of the Claimant Data".
I know it might be an attempt to see my response because definitely Section169 of the Data Protection Act 2018 (1) makes them liable and Article 29 of the GDPR (General Data Protection Regulation) provides guidance on the interaction between contractual agreements and data protection law. It emphasizes that contractual agreements cannot override data protection law, especially when it comes to protecting individuals' rights and freedoms regarding their personal data.
"The Claimant claims that Defendant has breached the “1st, 4th and 7th principles of the Data Protection Act 2018” in relation to Application Data related to the Claimant (the “Claimant Data”). Defendant assumes this refers to Articles 5(1) and 5(2) of the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018), as such principles are mirrored in Part 3, Chapter 2 of the Data Protection Act 2018. However, it is the data controller in relation to the Claimant Data that is responsible for, and must be able to demonstrate, compliance with such principles, including the 1st principle that processing must be lawful and fair and the 4th principle that personal data be accurate and kept up to date (please refer to the aforementioned provisions of the UK GDPR and the Data Protection Act 2018 and in particular the accountability principle at Articles 5(2) of the UK GDPR, which we assume is the “7th principle of the Data Protection Act” referred to by the Claimant). 4. Under the UK GDPR, the Claimant can only bring a claim directly against the Defendant if the Defendant has acted outside or contrary to the lawful instructions of the data controller of the Claimant Data. Defendant has at all times acted in accordance with the instructions of the data controller of the Claimant Data and the Claimant therefore has no grounds to bring any claim against Defendant in relation to the processing of the Claimant Data".
I know it might be an attempt to see my response because definitely Section169 of the Data Protection Act 2018 (1) makes them liable and Article 29 of the GDPR (General Data Protection Regulation) provides guidance on the interaction between contractual agreements and data protection law. It emphasizes that contractual agreements cannot override data protection law, especially when it comes to protecting individuals' rights and freedoms regarding their personal data.
Comment