'Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality', in Serge Gutwirth (ed.), Reinventing Data Protection?, Dordrecht: Springer, pp. 83-110
Authors: Brownsword, R.
In the context of a rapidly developing Information Society, the Data Protection Directive1 seems both well-intentioned and timely: it reflects a rights-based approach to privacy and to the fair, accurate, transparent and proportionate processing of personal data.2 Yet, in England, as in the United States, EU data protection law has few friends3, - for example, in the Naomi Campbell case, one of the first opportunities for the English appeal courts to comment on the local implementing legislation, Lord Phillips MR described the Data Protection Act, 1998, as 'cumbersome and inelegant'.4 If the Act were thought to be making a positive contribution to the social and economic well-being of the nation, then the lawyers might have to bear this particular cross. After all, there is plenty of legislation that fits Lord Phillips' protection responsibilities. 16 Whereas the former believe that it is too difficult to obtain consent, the premise of the latter critique is that it is far too easy to meet the consent requirement. Let me make it clear, therefore, that when I defend consent against the former, I am defending a principle that demands that we take consent seriously. If, in practice, the obtaining of consent is perfunctory and routine, then that is not at all in line with the requirements of principle. It is no part of my intention to defend a practice that falls short of our principles; what I want to defend is a principle that makes individual rights and consent focal; and what I want to see in practice is respect for data subjects that lives up to our declared principles.