"to allow Government departments to share citizens' personal information with ...and with the private sector"
too effing right!
A code of conduct for handling personal data was launched in London yesterday. But the document is inconsistent on the need for consent when collecting personal data, according to a data protection expert. Sometimes consent is not necessary, he said. The Personal Data Guardianship Code was published jointly by the British …
The lawyer quoted in the article should read the guide more carefully. The guide does not claim to state the legal position, but rather to provide guidance on best practice. This is not just a matter of what the law says, but a rather how to strike a reasonable balance between the benefits and risks of personal data holdings, both for the individual and for the organisation holding the data.
Given increasing sharing of data between organisations, and the infamous Clause 152 in the C&J Bill, the matter of consent, especially for re-use of personal data for purposes other than those for which it was originally collected, is of central importance to best practice. The Data Protection Act was formulated long ago and, whilst its pronciples are still sound, they do not fully cater for the capabilities of modern, highly interconnected IT systems.
As MPs have recently discovered, merely obeying the rules (or law) does not make an action right.
California lawmakers met in Sacramento today to discuss, among other things, proposed legislation to protect children online. The bill, AB2273, known as The California Age-Appropriate Design Code Act, would require websites to verify the ages of visitors.
Critics of the legislation contend this requirement threatens the privacy of adults and the ability to use the internet anonymously, in California and likely elsewhere, because of the role the Golden State's tech companies play on the internet.
"First, the bill pretextually claims to protect children, but it will change the Internet for everyone," said Eric Goldman, Santa Clara University School of Law professor, in a blog post. "In order to determine who is a child, websites and apps will have to authenticate the age of ALL consumers before they can use the service. No one wants this."
UK watchdogs under the banner of the Digital Regulation Cooperation Forum (DRCF) have called for views on the benefits and risks of how sites and apps use algorithms.
While "algorithm" can be defined as a strict set of rules to be followed by a computer in calculations, the term has become a boogeyman as lawmakers grapple with the revelation that they are involved in every digital service we use today.
Whether that's which video to watch next on YouTube, which film you might enjoy on Netflix, who turns up in your Twitter feed, search autosuggestions, and what you might like to buy on Amazon – the algorithm governs them all and much more.
Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018*.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
Britain's data watchdog has issued an £80,000 penalty to a financial advisor that dispatched hundreds of thousands of unsolicited text messages during lockdown.
H&L Business Consulting, based in Penrith, Cumbria, was found by the Information Commissioner's Office (ICO) to have sent 378,553 texts between January and June 2020, resulting in more than 300 complaints [PDF].
The spam promoted the debt management scheme devised by UK government as the outbreak of the novel coronavirus morphed into a pandemic. This is despite the fact that H&L Business Consulting was unauthorized by the Financial Conduct Authority to sell regulated financial products or services.
Five British companies are collectively nursing a £405,000 fine from the UK's data watchdog for making a combined total of 750,000 unsolicited marketing calls targeting vulnerable elderly people.
The Information Commissioner's Office (ICO) was alerted to the quintet's dodgy dealings after receiving complaints from the public and information from Action Fraud, Trading Standards, consumer rights group Which?, and call block provider trueCall.
All of the calls were made to people registered with the Telephone Preference Service (TPS), meaning it is illegal for marketeers to ring those numbers unless specific consent is provided.
The UK's data watchdog has issued the Ministry of Justice with an Enforcement Order [PDF] after the government department broke data protection laws by failing to process thousands of subject access requests (SARs) without undue delay.
The Information Commissioner's Office (ICO) said it was made aware of the backlog by the MoJ – the data controller – in January 2019 and spoke to the ministry over the course of the year, mulling potential action. Then the pandemic hit, leading to a change in the ICO's approach to regulatory action, and it paused the probe.
By October 2020, the ICO asked for an update on the number of outstanding SARs, but the MoJ said it too was struggling under the COVID-19 outbreak and had sought to prioritise requests that were "urgent" due to legal proceedings like immigration hearings or police investigations.
Home2Sense Ltd, a home improvement biz, is nursing a £200,000 financial penalty from the UK's data watchdog for making well over half a million marketing calls to people that registered to opt out of such botheration.
The company, based in Lampeter, Wales, was behind 675,478 nuisance calls between June 2020 and March 2021, punting insulation services to people signed up to the Telephone Preference Service (TPS).
As Reg readers know, it is illegal to dial up someone that has registered with the TPS for more than 28 days, unless that person has given the marketeer specific consent to contact them.
Blackbaud was given a private slap on the wrist by the UK's Information Commissioner's Office (ICO) after paying off criminals who stole users' financial data from the cloud CRM biz's servers.
The astonishingly mild sanction was revealed in a Freedom-of-Information response after senior data protection specialist Jon Baines at London law firm Mishcon de Reya asked about reprimands made under the General Data Protection Regulation (GDPR).
Reprimands are a formal expression of the ICO's disapproval, issued to organisations that have broken data protection law.
The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner.
Top of his in-tray will be helping the government square the EU's data protection rules with its desire to create a new, more "pro-innovation" regime.
Well before he started his new job, Edwards promised it could be done. "The United Kingdom is entitled to take Fleetwood Mac's advice and 'Go your Own Way'," he said in September, citing the soft rock supergroup. "Ensuring the mutual respect of different legal and cultural traditions… lead to different expressions of the same objective," he said.
British telco Virgin Media is facing a £50k financial penalty after spamming more than 400,000 opted-out customers urging them to sign back up to receive marketing bumf.
Just one customer complained to the Information Commissioner's Office (ICO) about receiving the spam – but that was enough to spur the regulator into investigating.
In a message disguised as a routine communication about tariff prices, Virgin told the unfortunate 451,217 recipients it knew full well they'd opted out of marketing emails but wanted them to opt back in.
Biting the hand that feeds IT © 1998–2022