UK

Court of Appeal rejects data protection claim brought in respect of FSA files

Joanna Gray, University of Newcastle upon Tyne

Application of the Data Protection Act 1998 to the FSA

The Court of Appeal handed down on 8 December 2003 the judgment for Durant v Financial Services Authority which shed some insight into the extent of the statutory obligations owed by the UK Financial Services Authority (FSA), in its capacity as a registered data controller under the Data Protection Act 1998, to release personal data to individuals who may be partly the subject of information contained in its regulatory and supervisory files.This decision has important implications for dealings and trust in confidentiality between the regulator, the regulated community and individual investors who may be seeking to invoke the FSA’s powers in support and furtherance of their individual complaints about regulated financial institutions.In the UK the Data Protection Act 1998 provides the basis of any individual’s entitlement to access to personal data held and processed by a data controller (the FSA being one such).Section 7(1) of that Act provides that: