Derichleau • User • The Register Forums

Credit card companies plan to sell your purchase data to advertisers

Thursday 27th October 2011 12:03 GMT Derichleau

Section 11 every time

Financial organisations couldn't give a toss about their customers; they see us simply as a commodity to be exploited. If they're not charging us high interest rates they're selling our details to other organisations. But one thing's for sure... they hate the ICO! Pop a question to any financial organisation and they're likely to quote their code of practice rather than data protection law in response. I've made the FSA aware of this on a number of occasions because in the majority of cases, their code of practice is not legally binding whereas the DPA98 is. The FSA are just not interested.

Your best bet is to section 11 all financial services organisations that you do business with. Section 11 of the DPA98 requires an organisation to cease processing your personal data for direct marketing purposes - by whatever means. Failure to comply with a section 11 request can result in criminal prosecution, non-criminal enforcement or audit against the offending organisation. All my banks have to remove the advertising from the envelopes that contain my bank statements - I love it!

http://www.mindmydata.co.uk/section11.asp

0 0

Panasonic DMR-HW100 HDD DVR

Monday 10th October 2011 12:26 GMT Derichleau

Read the reviews on Amazon before buying a Panasonic

I was recently going to buy a Panasonic Freeview HD recorder for my parents but was put off by all the people complaining about the adverts being displayed on the programme guide. It put me right off.

Also, if you look on their website you'll discover that the only way to contact Panasonic is to write to them by post. Why would you want to do business with such a company. There are better options. I went with a Humax eventually and my parents are really pleased with it.

1 0

UK firms splash even more cash on online ads

Thursday 6th October 2011 13:32 GMT Derichleau

The online video model has data protection issues

Section 11 of the DPA98 entitles an individual to ask a company to cease processing their personal data for direct marketing purposes - by whatever means. If you're logged in to an online account, then you have a right to ask the company to remove any advertising from the videos being displayed - because by being logged in, your personal data is being processed to deliver the adverts to you.

If you're not logged in then the marketing is just generic but if you are logged in then they need to comply fully with the DPA98. They cannot use terms in a standard form civil contract to deny you of a statutory right.

0 0

ICO: NHS data security breaches are just 'plain daft'

Thursday 6th October 2011 13:16 GMT Derichleau

Kettle and pot

And this, coming from the ICO, the organisation whose policy department informed me two weeks ago that a company has a right to target me with direct marketing if they make this clear in their terms - despite my legal right under law to ask them to stop. And the same organisation that then informed me that a company cannot use civil law to deny me of the statutory rights afforded me by the DPA98 and then refused to discuss the matter further. Well if they can't use civil law to deny me of a DPA98 right, then how can their policy be correct?

The UK data Watchdog has left me totally confused and have made it clear that they refuse to discuss the matter further. They've also done the same thing with online marketing - telling me last week that online marketing in a logged in account area is not direct marketing but telling me this week that it is. They confirmed that Barclays are likely to be contravening my section 11 DPA98 request not to target me with direct marketing by displaying advertising banners on my online banking pages. But of course, the ICO won't take action against real companies - instead they prefer to bully and mock the public sector.

How they have the nerve to call another organisation daft is beyond me. They've gone right downhill in recent years. I assume that all the good staff have moved on and we're left with a bunch of jokers.

0 0

Twitter to serve unsolicited ads in Facebook style

Friday 2nd September 2011 12:48 GMT Derichleau

Is the DPA98 any use here?

Section 11 of the DPA98 allows UK data subjects to request that an organisation ceases processing their personal data for direct marketing purposes. The ICO deem all online advertising appearing within a data subject's logged-in pages to constitute direct marketing. If Twitter were a UK-based company we could excercise our right under section 11 and ask them to remove the advertising from our accounts; failure to respond to such a request could result in criminal prosecution, non-criminal enforcement or audit against Twitter.

So what happens if I exercise my right on Twitter? Will they comply bearing in mind that they're a US company?

0 0

Outbound space probe looks back at tiny Earth and Moon

Wednesday 31st August 2011 11:41 GMT Derichleau

Great Wall of China

If you look closely you can just about make it out.

3 0

99% of UK gov websites are breaking the law

Wednesday 24th August 2011 12:33 GMT Derichleau

Mute topic

If the ICO have already deemed that organisations have 12 months grace then I fail to see how they can be contravening the law.

0 1

ICO tells public sector to respond to Twitter

Thursday 4th August 2011 12:30 GMT Derichleau

More bullying by the ICO

This is yet another example of how the ICO likes to take a firm stand with government organisations, yet regularly wimps out when challenging the private sector. I'm still waiting for a decision from the ICO on whether they're going to take action against a popular highstreet bank over their refusal to comply with my request not to receive direct marketing. I want the bank to remove marketing appearing when I login to my online account, as according to the ICO, any and all advertising banners (even generic advertisng) appearing on a logged-in page would constitute direct marketing. The Bank are refusing to comply. What's the ICO doing about it? Not a lot! Now if this was a government organisation they'd be all over them like a rash.

Double standards every time... the ICO handles private organisations with kid gloves while poking a stick at the goverment orgs. They seriously need to grow a pair.

1 1

ICO: Volunteer to be audited by us, we might not bust you

Thursday 7th July 2011 11:58 GMT Derichleau

They should automatically audit

I try my best to support the ICO but when every complaint to their office gets the obligatory "we're sorry for the time it has taken to respond", I find it a bit annoying that they're not devoting resources to speeding up the complaints process.

The ICO should carry out audits whenever they receive a complaint. When you bear in mind that the majority of organisations in the UK use standard form civil contracts in an attempt to "customise" the DPA98 to suit their own needs, and when you bear in mind that no term in a standard form civil contract can deny a consumer of a statutory right, why aren't the ICO auditing the terms and conditions of companies?

Pick a company... any... and I bet I can find something in their privacy policy/terms and conditions that is incompatible with the rights afforded me by the DPA98.

0 0

NHS bitchslapped by ICO on data security

Friday 1st July 2011 12:27 GMT Derichleau

The ICO always goes for the easy win

The ICO only seems to take action when they know that they can get a win... for example, with other government agencies.

In contrast, I've been warned by a few very well known private companies recently that if I'm not happy with the way in which they abuse the rights afforded me by the DPA98, that I can cancel my account. According to the letter that I received yesterday, the ICO don't have a problem with this; they don't have a problem with companies blatantly contravening data protection laws and then threatening to cancel the account of anyone that complains. Yet if a govenment agency does the slightest thing wrong they're all over them like a rash dishing out undertakings at the drop of a hat.

Like I say... the ICO only want to get involved when they can get an easy win. If you're a private company in the UK you've basically got a carte blanche to do as you please with personal data.

4 0

Got a website? Pay attention, Cookie Law will come

Monday 20th June 2011 12:52 GMT Derichleau

No need to panic

The Information Commissioner's Office has given us 12 months grace to get our website sorted out.

0 0

Mesh Computers goes titsup

Friday 3rd June 2011 12:15 GMT Derichleau

I don't think it matters

I don't think an organisation has a legal obligation to display this information on their website. If they've chosen to display it within their terms and conditions and it's incorrect then all I can seen happening is someone telling them to correct it.

On the data protection issue... not all data controllers are required to register; for example, if they are exempt from registration. It is however a criminal offence to process personal data without being a registered data controller - if you are not exempt, and there's an e-mail address on the ICO's website where you can report them if you feel so inclined. The ICO won't do anything though... they'll just advise them that they may have to register. The ICO are extremely reluctant to get involved legal issues, preferring instead to advise.

0 0

Thursday 2nd June 2011 12:59 GMT Derichleau

You missed the point

The main point here is that Mesh go out of their way to make it clear to their customers that they are not prepared to negotiate if your PC is out of warranty. In other words, when you purchase a computer from Mesh, by accepting their terms and conditions, you're accepting that they may be unreasonable once the PC is out of warranty.

So you've just spent £2000 on a computer and the graphics card has failed two weeks after the 12 month warranty has expired. The retail version of the graphics card comes with a three year manufacturer's warranty so it's not unreasonable to expect Mesh to replace the graphics card free of charge. A good company would replace it without question. Other companies may try to negotiate some of the cost or ask you to settle for a second-hand test card. From my experience, Mesh do not want to know unless you're willing to pay for everything.

Never again for me.

0 0

Thursday 2nd June 2011 12:50 GMT Derichleau

Not true

You're getting confused over two different issues. There's the Inherent fault issue where you have a remedy if a fault was detected within the first six months, and then there is the durability issue - where you can ask a judge to decide whether or not you are entitled to compensation because it's reasonable to expect the computer to last for so many years based on the price paid for it. The two do not have to be connected. In other words, to pursue a case for compensation, I do not have to show that there was an inherent fault.

The point I was trying to make is that Mesh have a clause in their terms and conditions which basically says that they're not interested. If your £1500 computer has a problem the day after it's out of warranty then stuff you! Unless you're going to pay for them to repair it they don't want to know. Bearing in mind that trading standards are not interested either, the only way that you're going to get it fixed is to either pay for it to be fixed yourself or take Mesh to court.

0 0

Wednesday 1st June 2011 12:39 GMT Derichleau

New owner same old crap!

I see that the new owners have updated their terms and conditions today but have retained clause 6.3. Clause 6.3 Limitations states:

'The guarantee is limited to the rectification of hardware defects or faults,by the Seller or manufacturer only and during the guarantee period covering goods supplied by the Seller'.

This is simply not true. The seller can be liable for up to six years but it requires the owner to seek compensation via the small claims court. For example, where one has paid £1000 for a computer that develops a fault after two years. A reasonable person would expect a £1000 PC to last for more than two years but Mesh will only get involved if it is still under warranty.

Trading Standards are a waste of time in this instance - I made Trafford Trading Standards aware of this but they didn't want to know. Your only option, if the PC is out of warranty, is to seek compensation via the courts; which is why I'll never purchase another Mesh PC again.

Like I say... new owner same old crap... if your £1000 Mesh PC doesn't work the day after it's out of warranty, your only option is to seek compensation in court. Why would you want to do business with a company like this?

0 0

Credit processors targeted in fight against spam

Tuesday 24th May 2011 12:28 GMT Derichleau

Credit card companies aren't much better than the spammers!

In the UK, the majority of banks and financial organisations couldn't give a toss about complying with one's legal right not to have their personal data processed for direct marketing. They believe that they have a God-given right to promote their products to their customers so they're no better than spammers.

Secion 11 (DPA98) the bastards I say! But only if they're a genuine company and only if they're UK-based.

0 0

Play.com: Only customer emails lost in data breach

Wednesday 23rd March 2011 14:05 GMT Derichleau

They rely on their terms and conditions

Play.com, like many companies, probably believe that they can negate statutory law with terms in their standard form civil contracts - their terms and conditions and their privacy policy. This just isn't true and any term that is incompatible with the DPA98 is likely to be deemed unfair by a court of law.

Also, if they've passed your details on to a third party against your wishes, check that you've not entered any of their competitions as you have to opt-out again at the very bottom of each competition form. I have raised this with Paul Vane from the Jersey ICO on a number of occasions but he said that there was nothing that he could do about it.

Your best bet is to submit a complaint to the Jersey ICO; the more complaints they receive about a company the more they're likely to take action.

0 0

Play.com spam points to malware downloads

Tuesday 22nd March 2011 13:18 GMT Derichleau

Play.com well known to the Jersey Information Commissioners Office

The Jersey ICO has received many complaints about Play.com but they never seem to do anything about them. The best thing to do is to submit a section 11 DPA98 request for Play.com to cease processing your personal data for direct marketing purposes.

www.mindmydata.co.uk

1 0

Scareware cold-callers target 1 in 4

Monday 15th November 2010 13:10 GMT Derichleau

Signing up to the TPS is the way forward

If you sign-up to the Telephone Preference Service (TPS) then a company cannot legally cold-call you by phone. Since I've been signed-up, (over a year) only one organisation has contacted me in an attempt to sell me a service. As soon as I realised that it was a sales call I interrupted the caller and asked them how they obtained my personal data and what right do they have to cold-call me when I'm registered with the TPS. I reported that particular organisation to the ICO and told them that, should they contact me again, I would pay to have their phone number blocked and recover the cost via the small claims court. Needless to say, I have not heard from them again.

The point is though, once you are registered with the TPS no one should be cold calling you. So the first question you ask is how have you obtained my personal data. Often this is enough to deter the criminals.

1 4

O2 hits button on location-based ads

Friday 15th October 2010 12:13 GMT Derichleau

Not happy with the ads, then it's easy to make them stop

If you're not happy with O2 bombarding you with adverts just send them a Section 11 (DPA) notice requesting them to cease processing your personal data for direct marketing purposes. An organisation has a legal obligation to respond to such a request and no more adverts - ever, from O2. www.mindmydata.co.uk.

0 0

Spending Review? Why not axe the Information Commissioner?

Friday 15th October 2010 12:06 GMT Derichleau

It's possible to a certain extent

By submitting a Section 11 (DPA) notice to an organisation, that organisation should cease processing your personal data for direct marketing purposes. Many of the complaints received by the ICO are complaints about unwanted direct marketing. If the law were changed so that individuals had the legal right to claim £100 in damages from any organisation that fails to comply with their Section 11 notice, then there is an valid argument for reducing the ICO's resources. www.mindmydata.co.uk

1 0

Ad watchdog to bite Facebook, Twitter

Wednesday 1st September 2010 12:14 GMT Derichleau

Members can opt-out of online adverts

In 2008 the Information Commissioner's Office concluded that online advertising appearing in a logged-in web space constitutes direct marketing. This is because a connection must exist between the online user and a database containing their personal data for the individual to be logged in. Thus, it is similar to putting a marketing leaflet inside an envelope and addressing that envelope to an indiviudal - the generic marketing leaflet inside the envelope is considered to be direct marketing even though the leaflet itself is not targeted at anyone. Howerver, because the method used to deliver the leaflet was directed at an individual, then the leaflet too becomes direct marketing. It's the exact same principle in a logged-in account area.

If you're fed-up with direct marketing simply submit a Section 11(DPA98) notice to the organisation. Further information can be found on www.mindmydata.co.uk.

1 0

UK told to strengthen data protection, again

Friday 25th June 2010 12:23 GMT Derichleau

It's a waste of time

Nearly every company that I do business with fails to honour my data protection rights. And every time I complain to the ICO it's the same old story - they cannot enforce the law... they only offer guidance. At the end of the day, the only guaranteed way to make an organisation stop sending me direct marketing is to seek a court order under Section 11(2) of the DPA. It's rediculous that I should potentially have to have a case tried in the Crown Court just to make a legitmate company stop abusing my personal e-mail but I've come close to doing it twice.

See www.mindmydata.co.uk for some good advice on how to stop direct marketing.

1 0

Twitter 'leaves door open' for targeted ads

Wednesday 16th September 2009 12:24 GMT Derichleau

Roll over and pucker up why don't you!

Ha, AC, the majority of the companies that contravene my data protection rights make their money in other ways. Amazon for example sell products at a profit so why should they make more money by contravening my data protection rights? Tiscali - I already pay them to provide a service so why should they make more money by contravening my data protection rights. And so on!

These companies have a legal obligation to ensure that they process personal data in accordance with data protection law and I would rather they went bust than abuse my data protection rights. And, as I pointed out yesterday, when I initially contact these companies I do so politely. I'm not trying to be a big man and just want them to process my personal data legally; it's their arrogance that causes me to escalate the issue. They're breaking the law for no other reason than to line their own pockets and apparently you're fine with that.

At the end of the day they're bullies; they take advantage of the little guy because they think that they so powerful nothing can touch them. You might roll over and pucker up to a bully but it's better to fight back.

0 0

Tuesday 15th September 2009 09:31 GMT Derichleau

But it's good sticking it to the man

Fair enough Dale, you have a valid point but it's all too easy to turn a blind eye. When you have large organisations abusing their customers data protection rights I believe something has to be done to make them stop. But it's also the arrogance of some of these companies that really annoys me and it makes me want to put the effort in.

The fact is, nearly every single company that I do business with contravenes or has contravened my data protection rights in some way. Tiscali my ISP have told me that they will not remove the banners on my account. Jobsite will not remove the banners on my account 'because it's a free service' - like that makes a difference? Amazon said that they were entitled to target me with advertising because I had accepted their terms and conditions. So Amazon believe that their civil contract can deny me my statutory rights. And many companies do that - put a clause in their T&Cs and then ask you to tick a box to accept them. But any term in a civil contract that attempts to deny an individual of their statutory rights is worthless. confused.com, comparethemarket.com and fasthosts.com all have worthless opt-ins to e-mail marketing in their T&Cs. They have failed to obtain your "Informed Consent" by doing so and as such they're breaking the law if they send you electronic marketing. I've submitted complaints to the ICO about all three. In fact, when I asked Fasthosts to cease processing my personal data for marketing purposes they told me that they were not able to do this. That's how bad some companies are when it comes to data protection.

The worst offenders of the lot though are the high-street banks because they believe that their code of practice entitles them to inform their customers about their products. They're so arrogant! They believe that their CoP, and it's just a code of practice - it's not legally binding, should take priority over my statutory rights. And when you try to explain to them they don't want to know.

And that's why I do it. These companies agree to process personal data in accordance with the relevant laws. But when you contact them to point out that they're doing something wrong, most of them do not want to know. I am currently in the process of taking one of the well known banks to court and then we'll see.

0 0

Monday 14th September 2009 12:38 GMT Derichleau

It's easy to opt out of all direct marketing

The Information Commissioner's Office ruled last November that advertising targetted at an individual's logged in area of a website is direct marketing. This is because all online companies use computer code to identify and track their members from the moment they log in until they log out. As such, any online advertising is targetted at an identifyable indvidual.

All you need to do is ask Twitter to cease processing your personal data for direct marketing purposes and they have a legal obligation to do this within 28 days. That's all advertising - mail, e-mail, phone, text, online advertising. If they fail to comply you can seek a court injunction to make them comply. You can do this with any company but most of them will object because they're going to loose revenue. I asked Camelot the other week to remove the advertising banners from my account pages of the National Lottery website and at first they objected but after consulting with their legal team they agreed and they should be praised for doing so.

There is a standard form for doing this on the ICO's website. I am currently in the process of taking a well known bank to court because they refuse to comply.

0 0

Topics

Special Features

Vendor Voice

Resources

Posts by Derichleau

Page: