Livestock movements, identification and tracing: horses - the Data Protection Act and the National Equine Database
The following is to provide a brief background to the Data Protection Act 1998 (DPA) and explain how Government and those equine organisations providing mandatory and voluntary data to the National Equine Database (NED) can meet the requirements of the Act.
What is the Data Protection Act?
- The Data Protection Act 1998 sets out the terms and conditions under
which personal data [ie information relating to living individuals]
will be processed. Under the Act, data relating to a horse or pony is
regarded as ‘personal’ in that it informs about the assets
of the owner(s).
- All personal data must be processed in accordance with the Eight Data Protection Principles - see annex A.
How will the Data Protection Act affect organisations passing data to NED?
- The Act requires that information must be collected and processed
fairly. Both Government and equine organisations, therefore,
have a responsibility to inform data subjects [in this case horse owners
/ members of equine societies etc] about the intention to collect data
for NED and how that data will be used.
- It is not necessary to communicate with each owner or member individually as, under Schedule l, Part 2, Section 3 (2) (a), this would involve ‘a disproportionate effort’. Defra will be providing information about the processing of data for NED on the Defra website, in equine publications and other publicity material. For equine organisations, it is sufficient to publish this information in or on the website, newsletter, magazine, show schedule, application form etc of the relevant organisation provided that this decision is recorded by the organisation in an appropriate official Minute.
Does the Data Protection Act allow this information to be collected and processed?
Mandatory data
Under Schedule 2, Sections (3) and (5c) of the Data Protection Act (DPA) it is permitted to pass personal data to the National Equine Database (NED) as it is necessary to do so to enable the execution of a function by the Minister for Rural Affairs and by DEFRA in order to comply with the provisions of the Horse Passport (England) Regulations 2004.
Voluntary data
Under Schedule 2, Section 6 (1) of the Data Protection Act (DPA) it is permitted to pass data to the National Equine Database (NED) as it is necessary to do so for the purpose of the legitimate interests pursued by NED Ltd, the body to whom the data is disclosed, and which do not prejudice the rights and freedoms or legitimate interests of the data supplier.
How will the data be used?
The data processed for inclusion on the National Equine Database will be used for the following purposes:
- to enable economic strategic planning of developments in the equine sector built upon reliable data sources.
- the improvement in the quality of horses in GB based upon both historic and current records of breeding, evaluation and performance data, which will be readily and easily accessible in one central source.
- assist in the tracing of the owners of straying, lost and stolen horses and ponies or those, which have become welfare cases.
- reduce malpractice in the sale of horses and ponies in that NED will provide a source for checking the authenticity of data.
- to provide management information that will assist Defra to carry out its responsibilities regarding the implementation of the horse passport requirement.
- to provide a source of data that supports Disease Control and Surveillance in the equine sector.
- To provide data for Defra-authorised research and evaluation
Sean Hogan, Defra Horse Passports and Database Team
Annex A
Schedule 1 of The Data Protection Act 1998
1. Personal data shall be processed fairly and lawfully and, in particular,
shall not be processed unless -
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions
in Schedule 3 is met – NED will not process this type of data
2. Personal data shall be obtained only for one or more specified and
lawful purposes, and shall not be further processed in any manner incompatible
with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation
to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept
for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data
subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental
loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside
the European Economic Area, unless that country or territory ensures an
adequate level of protection for the rights and freedoms of data subjects
in relation to the processing of personal data.
Schedule 2 of The Data Protection Act 1998
Conditions relevant for purposes of the first principle: processing of
any personal data
1. The data subject has given his consent to the processing.
2. The processing is necessary -
(a) for the performance of a contract to which the data subject is a party,
or
(b) for the taking of steps at the request of the data subject with a
view to entering into a contract.
3. The processing is necessary for compliance with any legal obligation
to which the data controller is subject, other than an obligation imposed
by contract.
4. The processing is necessary in order to protect the vital interests
of the data subject.
5. The processing is necessary -
(a) for the administration of justice,
(b) for the exercise of any functions conferred on any person by or under
any enactment,
(c) for the exercise of any functions of the Crown, a Minister of the
Crown or a government department, or
(d) for the exercise of any other functions of a public nature exercised
in the public interest by any person.
6. (1) The processing is necessary for the purposes of legitimate interests
pursued by the data controller or by the third party or parties to whom
the data are disclosed, except where the processing is unwarranted in
any particular case by reason of prejudice to the rights and freedoms
or legitimate interests of the data subject.
(2) The Secretary of State may by order specify particular circumstances
in which this condition is, or is not, to be taken to be satisfied.
Page last modified:
14 January, 2008
Page published: 12 February, 2007