The role of administrative Law in safeguarding data privacy in government activities
📘 The Role of Administrative Law in Safeguarding Data Privacy in Government Activities (UK)
I. Introduction
Administrative law serves as a vital mechanism in holding government bodies accountable for their data handling practices. It ensures that executive agencies respect individual rights to data privacy, which are protected under:
Common law principles of fairness and proportionality
The Human Rights Act 1998, particularly Article 8 ECHR (Right to Private Life)
The Data Protection Act 2018 and the UK GDPR
Judicial review, which allows courts to scrutinize whether public authorities have acted lawfully, rationally, and proportionately when handling personal data
Administrative law provides remedies when government data practices become intrusive, disproportionate, opaque, or unlawful.
II. Legal Frameworks Governing Government Data Use
Human Rights Act 1998: Public authorities must respect the right to privacy (Art. 8 ECHR).
Data Protection Act 2018 & UK GDPR: Regulate the collection, use, retention, and sharing of personal data.
Freedom of Information Act 2000: Balances transparency and privacy.
Judicial Review: Courts assess whether data processing decisions comply with procedural fairness and legal standards.
III. Key Cases: Administrative Law & Government Data Privacy
Here are more than four key cases illustrating how administrative law has safeguarded data privacy in the face of government action.
1. R (on the application of Catt) v. Association of Chief Police Officers [2015] UKSC 9
📝 Facts:
Mr. Catt, a peaceful protestor, discovered his details were retained in a police database (Domestic Extremism Database), despite no criminal record.
❓ Issue:
Was the police’s retention of his personal data a breach of his Article 8 rights?
⚖️ Holding:
The Supreme Court ruled (narrowly, 4-1) that the retention was lawful, proportionate, and served a legitimate policing interest.
📌 Importance:
The Court emphasized the need for proportionality and relevance in retaining data.
Administrative decisions involving data retention must balance operational needs with privacy rights.
Dissent (by Lord Toulson) highlighted the risks of data retention without suspicion of criminality.
2. R (Bridges) v. South Wales Police [2020] EWCA Civ 1058
📝 Facts:
Police used live facial recognition (LFR) in public spaces.
Mr. Bridges, a civil liberties campaigner, challenged the legality of using LFR to collect biometric data without consent.
❓ Issue:
Was the use of facial recognition technology by police compliant with data protection and human rights laws?
⚖️ Holding:
The Court of Appeal ruled that the use of LFR interfered with Article 8 rights and lacked adequate legal safeguards.
Found failures in:
Lack of clear guidance
Data protection impact assessments
Oversight and accountability
📌 Importance:
Landmark case confirming that new surveillance tech must comply with privacy protections.
Administrative bodies must implement clear, transparent, and proportionate policies when handling personal data.
3. R (on the application of Edward Bridges) v. South Wales Police (on costs) [2022]
📝 Facts:
Following the 2020 facial recognition ruling, Mr. Bridges sought costs from the police.
❓ Issue:
Should a public authority pay legal costs where it fails to comply with data privacy safeguards?
⚖️ Holding:
The court ordered South Wales Police to pay a significant portion of costs.
📌 Importance:
Reinforces the accountability of administrative agencies when data privacy rights are violated.
Encourages public bodies to proactively ensure legality of data-driven practices.
4. R (Watkins) v. Secretary of State for the Home Department [2006] UKHL 17
📝 Facts:
A prisoner’s legal correspondence was opened and read by prison officers under routine procedures.
❓ Issue:
Did this policy interfere with his Article 8 right to correspondence and privacy, especially when related to legal communication?
⚖️ Holding:
The House of Lords held that routine interference with legal correspondence could breach Article 8.
Strong protections are needed where privacy intersects with legal privilege.
📌 Importance:
Clarified that administrative policies—even within prisons—must respect privacy and confidentiality, especially in legal matters.
5. R (MM) v. Secretary of State for the Home Department [2017] EWCA Civ 328
📝 Facts:
The claimant challenged the government’s policy of collecting and using private family information when processing immigration applications.
❓ Issue:
Did the Home Office’s data processing violate Article 8 rights?
⚖️ Holding:
The Court of Appeal emphasized that government interference with personal or family data must meet strict necessity and proportionality standards.
📌 Importance:
Stressed that immigration and public policy decisions must still respect privacy rights.
Demonstrated how judicial review can curb disproportionate use of private data by government.
6. R (Elgizouli) v. Secretary of State for the Home Department [2020] UKSC 10
📝 Facts:
The UK provided personal data to US authorities about a British citizen suspected of terrorism, without seeking assurances against the death penalty.
❓ Issue:
Whether the transfer of personal data without adequate human rights protections was lawful.
⚖️ Holding:
The Supreme Court held that transferring personal data to a foreign government must still comply with UK data protection and human rights law.
Failure to obtain assurances breached common law and data privacy standards.
📌 Importance:
Showed that international data sharing by UK government agencies remains subject to domestic administrative law safeguards.
IV. Summary Table
| Case | Key Issue | Result & Importance |
|---|---|---|
| Catt v. ACPO (2015) | Police retention of protestor data | Data retention must be proportionate; dissent warned of rights risk |
| Bridges v. South Wales Police (2020) | Facial recognition in public | Violated privacy; lacked legal safeguards |
| Bridges v. SWP (2022 - costs) | Accountability for rights violations | Public bodies liable for costs where rights breached |
| Watkins v. Home Dept. (2006) | Privacy of legal correspondence in prison | Routine policies must respect legal confidentiality |
| MM v. SSHD (2017) | Family/private life in immigration data decisions | Immigration policy must respect privacy under Article 8 |
| Elgizouli v. SSHD (2020) | International data sharing without safeguards | Unlawful to share personal data without ensuring human rights compliance |
V. Conclusion
Administrative law in the UK actively safeguards data privacy in government activities by:
Imposing proportionality requirements on data collection and retention
Requiring transparency, accountability, and legal certainty
Ensuring judicial review is available where privacy rights are infringed
Applying human rights standards (especially Article 8 ECHR) to government decisions
Through judicial review, courts ensure that government actions involving personal data are lawful, necessary, and proportionate—even when national security, immigration control, or policing are at stake.
RELATED Blog
0 comments