From Amberhawk:
Belated Happy New Year, but we start 2012 with a report that has a lot in it. Stick with this judgement as, in summary, it states that:
(a) the term “lawful” processing in First Principle relates to that processing which is consistent with the application of any relevant law including law of confidence (the Information Commissioner is not keen to enforce “lawful processing”); I should add that the implications of “lawful processing” have yet to be applied to other Principles (e.g. to the Seventh Principle and security considerations);
(b) the purpose of the Data Protection Directive is to implement Article 8 of the Human Rights Act; so in theory, the Information Commissioner could consider “lawfulness” in terms of Article 8; and
(c) the Information Commissioner ignores theLindqvist decision (see references) in his detailed commentary on the application of the domestic purpose exemption to personal data on a website; the Court says the Commissioner’s advice is inconsistent with the law.
Read more on HawkTalk. Quite a smackdown of the ICO on this one, it seems.