Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Protection in the UK?

Posted by Cliff on from the very-real-privacy-concerns dept.

Graham Moore asks: "I am getting really concerned about where my personal information goes nowadays. In the last two weeks I have read two news articles here in the UK that talk about call centers and other agencies being set up in India that will transparently deal with customers from the UK (see the this article from The Register). On the UK mainland we have the Data Protection Act to fall back on if we believe the data is knowingly being misused or we wish to see what is stored about us. I suspect that once off of the UK mainland our details can be used or abused unhindered. I have contacted my MP, Melanie Johnson, who is also the Minister for Consumer Affairs, and have not yet had a response. Am I worrying about this unnecessarily or should we all start to get very concerned?"

24 comments

  1. The EU is pretty tough with other countries by km790816 · · Score: 4, Informative

    I read this article about the EU stroing arming US companies to comply with EU privacy guidelines. I can't believe this wouldn't be the case for India as well.

    A lot of US companies were upset about this, as was the federal government, but I think the US ended up enacting laws that mirror the EU to ease tensions. Anyone has info on this?

    --
    A speech...
  2. UK Company by ThePilgrim · · Score: 2, Interesting

    If i've read this right, then a company with an office in the UK that is using offshore call centers with out telling you, especially if they get their call center staff to lie about their location, will either be guilty of a breach of the Data Protection act or fraud.

    If the call is advertised as ending overseas then I don't think there is much you can do about it.

    --
    Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
    1. Re:UK Company by stephend · · Score: 3, Interesting

      I'm doubt most companies would be that stupid. They wouldn't lie, they'd just obfuscate the truth...

      The contract you signed with them probably had some small print to the effect that they can use your data in accordance with doing business with you (or on your behalf). Yes, that *might* contravene the Data Protection Act, but would you be prepared to argue that in court? Could easily go either way.

    2. Re:UK Company by WickerChap · · Score: 1

      I would agree. My sister is British and works for a Phillips reseller in Belgium doing Telesales. She used to call UK customers, and was told to be evasive about the location from where she was calling from (but never actually lying). They were not allowed to say what country they were calling from.

      People naturally assume you are UK based if you are British (with a slight londoner accent!) when calling a british company.

      That has now changed - they are allowed to tell cutomers their location.

      --
      "I love deadlines. I love the wooshing sound they make as they fly past" Douglas N Adams
  3. There is a way out... by clifforch · · Score: 1

    IANAL.. that said..
    A few years ago the UK signed up to the EU convention on human rights. If any person who is asked this question does not wish to answer it and suffers as a result I believe they have grounds for legal action.

    --
    In SOVIET RUSSIA the hot grits profit you!
    1. Re:There is a way out... by clifforch · · Score: 1

      Oh.. and I forgot

      When was the last time this class of ID was needed to open a bank account?

      --
      In SOVIET RUSSIA the hot grits profit you!
  4. Interesting dichotomy. by user+no.+590291 · · Score: 1, Interesting
    If it's intellectual "property," then information wants to be free. If it's our personal information, it should be locked down like Fort Knox.

    Perhaps the answer here is this: Make Palladium/TCPA mandatory--but also make individual's personal information subject to the same sort of DRM. If I apply for credit, for example, the information I submit should be unable to be copied, forwarded, printed, or viewed except as I authorise. Similarly, my medical records at the hospital should be unable to be forwarded to anyone except the portions I designated that my insurer would have access to.

  5. False dichotomy. by Anonymous Coward · · Score: 4, Interesting

    There's no dichotomy there. The root of both issues is that a person has the right to control their own property. If I go buy the latest Crap Band(TM) CD, that is now my property, and so I should really be able to do whatever I wish with it. Similarly, my own personal information is my own property unless I sell it to someone else. My doing business with someone does not give them the right to sell my personal information, much like I am not allowed to make thousands of copies of that Crap Band CD and sell them.

    Another issue is the fact that there is no reason I should have to purchase a CD without having been able to listen to it beforehand to determine whether or not it's worth the price, especially since it cannot be returned or exchanged for another one after being purchased. But that doesn't really have anything to do with your suggestion.

    Your suggestion about applying DRM-style limitations to consumer personal data is an interesting idea, however the notion that Palladium would aid us is rather disturbing, and I have a hard time even rationalizing it.

  6. Foreign call centres are already commonplace by SteWhite · · Score: 2, Interesting

    Hate to break this to you, but the practice of having the call routed
    to some foreign country is already common in the UK (Yes, I live in
    the UK) and has been for years.

    I called Iomega technical support a few years ago to get a free
    replacement when one of my ZIP disks died. The telephone number I
    dialed was a UK one, so I was quite surprised when I found the person
    who answered had a very strong German accent. I asked where she was,
    and she told me the call centre she was working in was in Ireland!

    Now I know in this case the call wasn't going very far from the UK,
    but it just as easily could have been. As for what this means for data
    protection law, I couldn't even guess. IANAL.

  7. Guardion report. by Troodon · · Score: 4, Informative

    Over a few weeks The Guardian covered, in a series of supplements, the current state of privacy in the UK: Big Brother, it may answer some of the questions you have.

    --
    troodon.net
  8. its all a sham - there is no protection by Anonymous Coward · · Score: 1, Informative

    Its all a sham.

    If a company is found to be in breach of the Data Protection Act there is no "comeback". They simply get wrapped on the knuckles and are told to sort the matter out as soon as possible. There is no penalty, and no penalty if they DON'T sort the matter out.

    Be afraid. be very afraid.

    1. Re:its all a sham - there is no protection by gilgongo · · Score: 1

      Well said. I work for a marketing company in London and we fling personal data around like confetti. Encryption? Audit trails? Accountabiity? Pah! Just email Excel spreadsheets out to anyone that wants it, then take the cash. The directors of the company (in theory personally liable) don't give a shit.

      The British love regulation for regulation's sake, but always back off when it comes to enforcement. That's why the DTI is known as the Department of Timidity and Inaction.

      --
      "And the meaning of words; when they cease to function; when will it start worrying you?"
  9. Data export by dpash · · Score: 2, Informative

    IIRC, If a company exports data to a country without eqivelent or better data protection laws they are committing an offence under the act. I can look up more information if you are interested.

  10. Re:the uk? by djkitsch · · Score: 1

    How about this:
    Tim Berners-Lee - invented the web
    Alan Turing - pioneer in computing
    Stephen Hawking - international physics genius

    ...to name but a few. All British...
    Not lessening the acheivements of the USA, but get some world perspective! This is exactly why so many Brits get pissed at so many Americans.
    And Einstein (German) had a reasonably large involvement in the development of atom bomb physics.

    --
    sig:- (wit >= sarcasm)
  11. Re:the uk? by Anonymous Coward · · Score: 0

    A recent Japanese report indicated that over 50% of common inventions had a British origin, however the country is bad at capitalising on them and those that do suceed fall to the British Disease... the hatred of sucess and those who've been sucessful.

  12. Depends how cynical... by mccalli · · Score: 3, Informative
    I suspect that once off of the UK mainland our details can be used or abused unhindered.

    But first they must leave the mainland, and that is where the breach of the Act would occur.

    An analogous situation - I do work in London for a Swiss bank. Some of the processing involves trading counterparty data, but under Swiss law it is illegal to export this data to the UK. As a result, we get obfuscated data that is meaningless to us, but which the Swiss office can decode back into meaningful counterparties. In other words, the UK is complying with Swiss data laws.

    Now, admittedly it's unlikely that the police are watching every internal FTP transfer. We could transfer real data. Doing so would be a crime however, so we don't. The same situation apply to India - whilst it's technically possible to transfer the data, doing so would be a breach of the law.

    So...do you trust the company you're doing business with? If you do, then I would suggest that you have nothing to worry about. If you don't, well...

    Cheers,
    Ian
    (I don't, by the way...)

  13. It's the Information Commissioner you want by rpjs · · Score: 3, Informative

    The Information Commissioner is the person to raise this with first, rather than your MP, even if she is a minister (or the cynical would say, especially if she is a minister...)

  14. paranoia? by cybersacrilege · · Score: 1

    I can understand your concerns. However I work for the forementioned company and since it is a government intiative with the contracted help of a private sector company, it has a very strict process. Obviously I cannot go into intricate detail but I can confirm, as assumed by mccalli, your information is obfuscated to 99% of the people who handle it, be it in this country or another. Also all parties have government CTC clearance or a synonymous international equivalent. Then the information is processed by bodies which already HAVE the information. i.e. Local Police/National Identification Service. The only question is, are the government keeping this information. But that could be said in several scenarios these days, and amounts to the age-old "is big brother watching." The answer is simple, if they were willing to break several EU and Data Protection Laws, then yes, once again Big Brother is watching. Quick somebody call Robert Redford. Alas, as far as this process goes, your information hasnt exchanged into any NEW hands. Regards