Online Privacy in the UK

Planning to handle consumer data in the UK? Then it's time to learn about the Data Protection Act 1998. Thankfully, Wikipedia has a very helpful overview. What are the key takeaways?

  • Data may only be used for the specific purposes for which it was collected.
  • Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime).
  • Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
  • Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
There's more to it, but those are the top few things that jump out at me as most important. And by golly, that seems to me to prohibit third-party email offers without recipients first giving specific consent to that third party. I'm not clear how someone could sell email lists in the UK that comply with these legal requirements. I don't think it's possible.

If you're interested in learning more about European privacy law, then don't forget to read up on the EU's Data Protection Directive (95/46/EC) as well.

I'm not a lawyer, and this isn't legal advice. Duh!


  1. Well I can assure you the industry is thriving in the UK.

  2. Sadly, crime thrives in a lot of places.

    People have actively been prosecuted for list sales in the UK. Here's just one example:


Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.