As a consultative organisation, the Law Commission has always taken seriously its responsibility for handling personal data.
The new requirements under GDPR (the General Data Protection Regulation) have lent new focus on this important aspect of our work and, accordingly, we have set out in detail how we process and store personal data.
We also set out in full our revised privacy statement. If you have any queries, please contact us at: firstname.lastname@example.org
Under the General Data Protection Regulations (May 2018), the Law Commission must state the lawful bases for processing personal data. The Commission has a statutory function, stated in the 1965 Act, to receive and consider any proposals for the reform of the law which may be made or referred to us. This need to consult widely requires us to process personal data in order for us to meet our statutory functions as well as to perform a task, namely reform of the law, which is in the public interest. We therefore rely on the following lawful bases:
(c) Legal obligation: processing is necessary for compliance with a legal obligation to which the controller is subject
(e) Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Law Commission projects are usually lengthy and often the same area of law will be considered on more than one occasion. The Commission will, therefore retain personal data in line with our retention and deletion policies, via hard copy filing, electronic filing and a bespoke stakeholder management database unless we are asked to do otherwise. We will only use personal data for the purposes outlined above.
We aim to be transparent in our decision-making, and to explain the basis on which we have reached conclusions. We may publish or disclose information you provide in response to Law Commission papers, including personal information. For example, we may publish an extract of your response in Law Commission publications, or publish the response itself. We may also share responses with Government. Additionally, we may be required to disclose the information, such as in accordance with the Freedom of Information Act 2000. We will process your personal data in accordance with the General Data Protection Regulation.
Consultation responses are most effective where we are able to report which consultees responded to us, and what they said. If you consider that it is necessary for all or some of the information that you provide to be treated as confidential and so neither published nor disclosed, please contact us before sending it. Please limit the confidential material to the minimum, clearly identify it and explain why you want it to be confidential. We cannot guarantee that confidentiality can be maintained in all circumstances and an automatic disclaimer generated by your IT system will not be regarded as binding on the Law Commission.
Alternatively, you may want your response to be anonymous. That means that we may refer to what you say in your response, but will not reveal that the information came from you. You might want your response to be anonymous because it contains sensitive information about you or your family, or because you are worried about other people knowing what you have said to us.
We list who responded to our consultations in our reports. If you provide a confidential response your name will appear in that list. If your response is anonymous we will not include your name in the list unless you have given us permission to do so.
Any concerns about the contents of this Privacy Notice can be directed to: email@example.com