answer text |
<p>Section 171 of the Data Protection Act 2018 (DPA) criminalises the re-identification
of personal data that has been de-identified. It is unlawful to knowingly or recklessly
re-identify personal data without the consent of the controller responsible for de-identifying
it, unless a relevant defence applies. It is also an offence to process personal data
that has been re-identified in this manner.</p><p>The penalties for offences under
section 171 of the DPA are set out in section 196 of the DPA. A person who is convicted
of an offence under section 171 of the DPA is liable to an unlimited fine in the courts.
Under section 199 of the DPA, the offence is recordable which means that the company
or individual committing the offence will have a criminal record on conviction.</p><p>As
with other offences under the DPA, where an offence under section 171 has been committed
by a company, that company’s directors, managers and others acting in such a capacity
can be convicted where the relevant individual or individuals consented, connived
or neglected in taking their responsibilities seriously and contributed as a result
to the offence being committed.</p><p> </p>
|
|