Domain: ico.org.uk
Stories and comments across the archive that link to ico.org.uk.
Comments · 20
-
Re:Summary/Article disagreement
Sorry to interrupt your little rant of hurt American exceptionalism, but Facebook were issued with the maximum fine for the laws pertaining at the time for something that was actually illegal at the time. GDPR rules would have allowed a much greater fine to be levied but it wasn't because "ex post facto" is simply a figment of your imagination and the offences were committed before those rules came into force.
Why do they need new laws? Because, despite assurances, Facebook is still pushing out swathes of overtly political advertising without effectively identifying the source and appears to be failing miserably to control seriously harmful content that is leading to the children harming and killing themselves. Also, it appears that Facebook seem to accept that they may have been breaking the law and haven't been that concerned about it: the law, if that be true, needs to be made more compelling.
Politics was very reluctant to take on tech - partly because they didn't understand it and partly because they didn't want to be seen to be stifling economic growth. However, they now do understand it - it's not about tech and it's not about beneficial economic growth, it's about an amoral group of rich people making themselves richer still. So they now feel rather more comfortable about legislating.
-
Is this not a GDPR violation?
It seems to me that they are collecting data about the protesters that is not relevant to the purpose of dealing with illegal activity. This is a violation of the GDPR that says that the personal data you are processing is limited to what is necessary – you do not hold more than you need for that purpose. It would be interesting to see the protesters make a GDPR complaint about Eclipse Strategic Security; even more interesting to see how the ICO tries to avoid doing anything about it.
-
Re:Seems like the right reasons to me
Yeah, if only GDPR recognised "Legal obligation" as a lawful basis for processing.
Oh. Hang on.
https://ico.org.uk/for-organis...
-
Re:Nothing "new" here
It doesn't address the root issue of limiting the front end collection and using of data in the first place which is the real problem.
Collection of data is a form of processing data, and requires a lawful basis for so doing.
https://ico.org.uk/for-organis...
-
EU right to be forgotten
I wonder if the EU will do the right thing and extend its right to be forgotten proposals to allow you to demand that facebook, et al, remove all of that information about you? The other thing that might be fun is doing a subject access request and have facebook tell you everything that they know about you.
-
Re:How to stop this
Contact them and inform them that they are holding incorrect information and you want it corrected under the data protection act and the new data confirmed. If they refuse to do so, or provide no contact details for data protection complaints, contact the Data Protection Registrar. https://ico.org.uk/for-organis...
You may also have a case under the UK's unsolicited email rules: https://www.gov.uk/marketing-a...
No, a thousand times no...
Read their website, they're wise to this sort of approach, and they're holding no data other than IP address supplied to them by the various Copyright Mafias' 'investigators', the only people (at this point) who can match your IP address to a name is your ISP, who are the ones sending out the emails. (Expect that to change in the UK...)
If you contact them, that is the Get it Right from a Genuine Site momsers quoting their reference, then congratulations, you've just 'outed' yourself to the feckers, you're now tagged as belonging to that IP address on their databases and they've saved themselves the cost of a court order to do this.
Until it gets legal, never respond to this sort of BS, when it does go legal, bear in mind you'll be dealing with 'hired guns' employed by industries with extensive criminal involvement (just google organised crime and the entertainment industries...), get yourself a lawyer, and get them to respond.
-
How to stop this
Contact them and inform them that they are holding incorrect information and you want it corrected under the data protection act and the new data confirmed. If they refuse to do so, or provide no contact details for data protection complaints, contact the Data Protection Registrar. https://ico.org.uk/for-organis...
You may also have a case under the UK's unsolicited email rules: https://www.gov.uk/marketing-a...
-
Got to show the report
All that the (prospective) tenant needs to do is to submit a Subject access request (possibly paying £10) and they have to give all of the information within 40 days. Certainly for people in England (and it is a British company), I don't know what happens if someone from the USA would try it.
Trouble is that many people will just hand over their passwords and forget about it.
-
Privacy & Data Protection
The entire EU is covered by a common Data Protection law to ensure people's privacy is respected by companies collecting private data. Some idiotic jobsworths have chosen to interpret this to mean that everybody must opt-in to visit a website.
There is no such requirement in the directive, here is the UK Information Commissioner guidance on what is required.
-
Re:That's Not Pre-Crime
That's just fear mongering nonsense, that wouldn't even be remotely legal.
There are very few exceptions by which businesses can gather data on an individual without their permission, and crime prevention is one of them.
So all this can legally be used for is crime prevention, if it's used for being selective about customers then they've crossed the line into illegality and will be liable for massive fines (far more than it would've cost to just serve you).
This is only ever going to be a problem for you if you got caught shoplifting on CCTV, or as my partner who manages a number of retail stores found the other day, for junkies that decide to shoot up in your changing room spraying quite possibly HIV-infested blood all over the fucking place before running out into the store and stripping naked then running away before the cops turn up.
Having actually now had a look at the Facewatch site, it's also pretty fucking explicit that it's about crime prevention and this new real-time functionality is intended to allow incidents of shoplifting to be shared in real time. So next time roma gypsy gangs come across from the continent on the ferry to rape just about every shop in a particular city / shopping centre in the space of a few hours before heading back home again on the ferry with a boat load of stolen shit they can actually be caught in the act. Up until now because they typically hit a different city or shopping centre every time they're not known and so it's typically been dependent on catching them at port whilst they wait for their get away ferry.
The UK has pretty strong data protection laws. It'd be hard to abuse this without getting severely fucked by the ICO. In fact, frankly, you can't even really use CCTV for crime prevention unless you can justify that there is actually a crime problem. If your store has never been a victim of shoplifting, you'd be hard pressed to prove your case for CCTV to the ICO.
You can read all about it for yourself here:
-
Re:Privacy = $9.52
21,000 customer records were sold. The records contained names and addresses, and could be supplied pre-filtered by criteria such as age, sex or whether a purchase had been made within the last 12 months. As far as I can tell, the records did not contain purchase history or other medical information. I would have expected the fine to be considerably higher if it had.
The official enforcement notice from the information commissioner can be found at https://ico.org.uk/action-weve...
In short, pharmacy2u required users to register and provide name, address, DOB, etc. when registering a user account. During registration, there would be a checkbox to indicate consent for their details to be passed on to third parties for marketing purposes. Importantly, the box was pre-checked, so users had to actively opt-out. P2U offered their customer list for sale via an agent, allowing filtered lists (from consenting customers) to suit the client's requirement. 2 of the purchases of the customer list were obvious scammers: a classic postal lottery scam, supplements from a supplement vendor who had already been censured for making false claims. P2U executives had to personally approve the requests for sale of names/addresses. In the case of the sale of the names/addresses of 3000 elderly customers to the lottery scammers, the executive even suggested a change to the scammer's mailshot because it sounded too scammy.
The reason for the fine was based on the fact that the sale of personal data to scammers was not adequately covered by the "consent to share details for marketing purposes", and the consent was dubious anyway due to the opt-out checkbox. Further, because the P2U customers included vulnerable people, there was a significant risk of financial or medical harm to customers by allowing scammers to obtain the customer list.
-
Re:Try it in the EU first
Yup. A massive fine awaits any business that attempts to behave in this way in the UK. The ICO is definitely not afraid to take enforcement action against organisations that flout data protection laws - see https://ico.org.uk/action-weve...
-
Re:so they got an anti-abortion judge
It's about time that some of these organizations (including banks and others)...Why is it a "heavy-handed" fine? It seems to me that when an organization endangers members of the public via negligence, they should receive a penalty that is sufficient to motivate them to change their practices....It seems to me that the annual salary of a couple of professionals, who probably ought to be fired anyway, seems about right.
I guess "heavy handed" is a relative term, so let's take a look at ICO's BPAS fine vs ICO's bank fine:
The ICO fined The Royal Bank of Scotland the grand sum of £75,000 in 2013*. The RBS Group had around £18 billion in income during 2012, and the top 2 executives received almost £4 million (excluding stock awards) in compensation. (RBS 2013 Financials)
The BPAS, on the other hand, had donations of around £27 million in 2013 (0.15% of RBS revenue), and their CEO is thought to earn around £120K (7.5% of RBS CEO pay). Yet they were fined £200,000 (2.67X the RBS fine).
Dunno. Seems kinda heavy handed to me.
* only instance of ICO fining a bank that I could find
-
Re:UK : Data Protection Act
There are eight tests to pass to Since the name is the only thing displayed after an account is deactivated the posts it fails the first test
-
Re:sensationalism
Would you not be better served by a worker that you can say "no thanks" to as opposed to a CCTV
No as I am a polite person and feel an obligation to interact with someone trying to interact with me. I can ignore computers just fine.
The Information Commissioner's Office has nothing to do with the GCHQ so why are you mixing them together? Also, none of your links have anything to do with placing wifi trackers in the street. I ask again, do you have any proof that the government has anything to do with placing WiFi trackers in the street?
By the way, personal attacks, such as calling someone "daft", just show that your arguments are weak and your tact is lacking.
-
You get what you pay for.
The official budget publication for 2011-2012 http://www.ico.org.uk/about_us/boards_committees_and_minutes/~/media/documents/library/Corporate/Detailed_specialist_guides/ico_budget_2011-12.ashx plus key facts http://www.ico.org.uk/ from official site.
-
Re:Cookie requirement? C'mon guys.
Actually this is due to a UK/EU law/requirement that all sites require users to be explicitly notified of (and agree to) any cookies which are not explicitly required for usage of the site (sites which require logins, shopping carts etc. are therefore exempt). The site will just work as normal if you don't click on the "I agree" button (which ironically will set another cookie saying you have agreed).
I guess some sites just enabled it for world users rather than dealing with different countries separately.
ICO link below for those who want to read up on it.
http://www.ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies
-
Re:HTTPS means something specific
What we really need is industry-standard secure-ish email.
In the UK we have http://ico.org.uk/ and the rest of Europe has something comparable. The problem is that corporations from your side of the pond don't like it. I think it has even been reported to the WTO as an illegal restraint upon trade.
Many companies make mistakes. Some large, US based, "international" corporations see it as their duty to break civilised laws.