back to article UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns

The government has moved to allay fears over amendments to the Data Protection Bill that critics say could undermine both the law and the powers of the UK’s privacy watchdog. The changes, for a Framework for Data Processing for Government, were quietly inserted at the Bill’s final committee stage in November – but soon faced a …

  1. teebie

    "I think it means that,"

    To which someone should have replied

    "It is your job to know what it means, and you are doing the part of your job that pertains to knowing what it means."

    1. Doctor Syntax Silver badge

      <Sigh> Only one upvote but "pertains" deserves another all of its own.

    2. Nick Kew

      Up to a point, Lord Copper.

      But wasn't it a Minister speaking? His civil servants (whose job it really is) may have explained it ambiguously, or even misleadingly, to him.

      Think Sir Humphrey. He misleads Hacker into giving unwittingly wrong answers in parliament a few times. And in the matter of Big Brother surveillance (series 1, episode 4), it's Humphrey pushing the state's power-grab while the minister fights to protect the rights of his citizens.

  2. Nick Ryan Silver badge

    Weasel words

    “I hope that by the end I will be able to convince noble Lords that this is not quite as sinister as has been made out,” Ashton said in his opening remarks in the discussion.

    So he's trying to divert attention from the fact that the bill gives the Secretary of State the power to make arbitrary changes to the functional content of the bill at whim? And this is not "as sinister", inappropriate or just downright contrary to democracy or a fair and accountable society?

    1. Anonymous Coward
      Anonymous Coward

      Re: Weasel words

      Of course it's not sinister, it will only be used to protect those in a position of power, nothing to worry about.

    2. Anonymous Coward
      Anonymous Coward

      Re: Weasel words

      So he's trying to divert attention from the fact that the bill gives the Secretary of State the power to make arbitrary changes to the functional content of the bill at whim?

      This has been an increasingly common practice since the time of Blair. This is termed "secondary legislation", and there's absolutely tons of it, because it makes life far easier for shithead politicians to do as they want, without the embarrassment of having to put all the detail through parliament.

  3. Anonymous Coward
    Anonymous Coward

    I'm wondering about non-working days..

    Does anyone know if the 72 hours includes weekends? I assume so - but most NHS staff covering data protection simply don't work those hours.

    Boom there goes 48 hours straight away.

    1. mark 120

      Re: I'm wondering about non-working days..

      GDPR wants the notification to the ICO within 72 hours, not three working days. I can't see this being different.

    2. veti Silver badge

      Re: I'm wondering about non-working days..

      More than 48 hours. If you make the discovery at 4:00 on a Friday afternoon and don't report it before you go home, then 8:00 the following Monday is a whole 64 hours away.

      And if there's a public holiday, of course...

      And yet it can't mean "72 working hours". Assuming a standard 8-hour day, that would be nine days; if the discoverer is only working part-time, it might mean several weeks. And I don't think TPTB would stand for that.

      So I think it has to be "72 hours by the clock", and if you do make the discovery at 4:00 on a Friday - unless you want to work that weekend - you'd better be able to show that you sent the email about it before you went home that day.

      Moral: don't do reidentification research on Fridays.

  4. Pascal Monett Silver badge
    FAIL

    Incompatible and unfeasible

    Either there is a framework in place and that framework should be respected, or there is none. Allowing someone to exempt themselves from a framework means that there is, in effect, no framework.

    So revise the framework and impose it, otherwise this whole thing is just a PR exercise.

    1. veti Silver badge

      Re: Incompatible and unfeasible

      No, it means the ICO is above the framework. She's able not only to police adherence to the framework, but also cases where the framework itself might be in error. I don't see any inherent contradiction there.

  5. Anonymous Coward
    Anonymous Coward

    If someone has found that the data is fallible then they should be able to report it to the government whenever they can, putting 72 hours on it is a complete waste of time, what if you miss the deadline do you just leave the data vulnerable? What if you're not sure and to be sure it's going to take you some time? Something I can see happening quite often.

    Clearly this has nothing to do with protecting data and is being used to scare people off from investigating the integrity of the data in the first place. I hate to be the bearer of bad news but malicious actors won't give a flying f*ck about the 72 hours and trying to deter the people that will help stop them sums up the stupidity of government.

    1. Anonymous Coward
      Anonymous Coward

      > I hate to be the bearer of bad news but malicious actors won't give a flying f*ck about the 72 hours

      I could be there to remove the "I was gonna tell the ICO, honest" defence that someone collared for this would likely use as their first defence..?

      1. Anonymous Coward
        Anonymous Coward

        I thought of that but then malicious actors are only going to get caught after they start using the data for evil.

        1. IamStillIan

          That's my assumption as well, and I see the point of that; otherwise any crook can just turn round, claim to be a researcher and simply "not have reported it yet".

          Whether 72hrs is the right number is a fair question, along with how extensive the report is.

          If it's a simple "Dear ICO, I believe that combining X with Y can reveal Z, but I'm sitll working on. Cheers" then that could be reasonable. If we're talking about an indepth analysis, then that's a different situation.

    2. veti Silver badge

      The whole point of the "72 hours" is to differentiate "malicious actors" from the rest of us. A "non-malicious actor" becomes, by definition, someone who reports the vulnerability in time.

  6. Warm Braw

    This is not quite as sinister as has been made out

    If it isn't, it would be a first for legislation relating to data privacy.

  7. adam payne

    “I hope that by the end I will be able to convince noble Lords that this is not quite as sinister as has been made out,” Ashton said in his opening remarks in the discussion.

    It just allows the secretary of state to change the framework at their every whim, so not sinister at all.

    Being allowed to change framework at their every whim is not democracy.

  8. Kane

    "Elsewhere in the debate, Ashton announced that the ICO would have pay flexibility – meaning it is not bound by strict civil service pay rules – up to 2020-21."

    Sounds like a sop to keep the unruly civil servants quiet.

  9. Teiwaz

    “I hope that by the end I will be able to convince noble Lords that this is not quite as sinister as has been made out,” Ashton said

    But they admit it's sinister, they just disagree the level of sinister, presumably, it's perfectly acceptable to be sinister as long as it's the government.

    It's quickly getting to the point that anarchy with no government would be more humane than the future the mentally challenged architects of the new age in the UK would have it, by intent or mismanagement.

    1. Anonymous Coward
      Coat

      UK.gov denies data processing framework is 'sinister'

      “I hope that by the end I will be able to convince noble Lords that this is not quite as sinister as has been made out,” Ashton said in his opening remarks in the discussion.

      To be pedantic, this is not a denial. "I hope that by the end I will be able to convince [you]" isn't the same as "it's not true". The sentence simply expresses the speaker's aspiration to make the listeners believe something, regardless of whether it is true or not.

      And as Teiwaz has already pointed out "Not quite as sinister" still means it's sinister, just a tiny bit less than supposed.

      I hope he was very much clearer in denying it during the rest of the debate.

      1. Nick Ryan Silver badge
        Stop

        Re: UK.gov denies data processing framework is 'sinister'

        STOP.

        Seriously. How are we going to be able to continue this without an official El Reg standard for sinisisterism?, er, sinisterishness? drat, sinisterishlyness? maybe sinisterness? Whatever. We need a proper measure for this. Maybe even some spelling as well.

        Where is the El Reg standards soviet when we need them?

        1. Adrian 4

          Re: UK.gov denies data processing framework is 'sinister'

          The unit of sinisiterism is the widdishin.

  10. John Smith 19 Gold badge
    Gimp

    Lord Ashton of Hyde - current sock puppet to the data fetishts who wrote these clauses

    FTFY

    Funny how with data "protection " legislation the clauses that allow government civil "servants" and their alleged "masters," to do WTF they want when they want are very carefully drafted to do so, while the actual protective ones are ambiguous to the Nth degree with many, and varied exclusions, reasons-not-to-report certain behaviours etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like