The Journalistic Exemption

When the first Data Protection Act was passed in 1984, it was estimated that there were 200,000 computers in the UK holding personal data, defined in the legislation as information relating to a living individual that could identify them. The Act stipulated that any computer holding such data would have to be registered by a newly appointed data protection registrar. When Parliament was asked to agree the registrar’s salary, the MP for Wrexham remarked that £35,000 was a lot of money: ‘I doubt whether many people are worth that much.’ Today, his successor, the information commissioner, is paid £180,000 a year, more than the prime minister, and we are way past the point of being able to count, let alone attempt to register, all the computers, apps and storage systems that hold personal data. The new Data Protection Act passed in May defines personal data as any information relating to an identified or identifiable living individual; as well as our names, addresses and dates of birth, this now includes markers of our digital identities, such as IP addresses and biometric data. The new legislation brings into law the General Data Protection Regulation (GDPR) that came into force across the EU in May.