The application of Directive 95/46/EC and the Data Protection Act 1998 when an individual posts photographs of other individuals online
It has long been the tradition in the United Kingdom for parents to take photographs at school events. Such photographs often capture images of several children. When parental photographs were stored in family albums this was not perceived to be a problem. However, with the internet increasingly being used to share photographs, questions have been raised about whether schools should restrict parental photography or impose conditions upon online dissemination of such photographs, in order to protect children’s personal data.
Unfortunately, as the UK data protection regulator (the Information Commissioner) recognised in 2010 it is not entirely clear how data protection legislation applies to individuals who are posting third party personal information online. The first issue that this article seeks to explore, therefore, is how European and domestic regulators have interpreted relevant data protection legislation. It considers the extent to which parents who share photographs of third parties online may be caught by the obligations such legislation imposes.
The European Commission have acknowledged that, with the development of new technologies, current European Union data protection legislation may no longer afford effective protection to individuals’ personal information. This article, therefore, also explores the potential impact of the proposed data protection regulation both for individuals sharing third party information online, and for individuals whose information is shared.
Key words: data protection; personal information; privacy; data protection directive; data protection regulation