CORONERS AND JUSTICE BILL – Second Reading 26 January 2009.

The Secretary of State for Justice Jack Straw introduced the provisions relating to the Data Protection Act 1998. He said that “provided scrutiny and security are guaranteed, better data sharing can greatly work in the interests of the public. It can help to improve opportunities for the most disadvantaged, provide better public services, reduce the burden on business, implement policies more effectively and detect fraud.”

The Secretary of State referred to the review of data protection and data sharing, commissioned by the Prime Minister in 2008 and carried out by Professor Mark Walport and the Information Commissioner Richard Thomas. He quoted from the Review that “there is a lack of clarity about what the law permits or prohibits”.

He went on to say that as a result “Clause 152 provides a new scheme for data sharing. Under … Continue Reading ››
No-one can accuse recent EU accession state Bulgaria of not taking data protection seriously. At the tail end of last year Datonomy picked up a story concerning the reckless personal data disposal policy of one of Bulgaria's banks. Now the Sofia Echo reports that electricity distribution company CEZ has been fined 100,000 leva (a little more than 50,000 euro) by the Commission for Personal Data Protection for continued breach of privacy protection regulations.

In 2008 CEZ was told to stop demanding "proof-of-right-of-use" documentation from new customers (documents that would prove a right to use premises might be a rental contract or an ownership deed). According to the CPDP this practice creates a duplicate of the archive of notary deeds at the registration agency, for no good reason: all CEZ needs to know is who will pay … Continue Reading ››
Datonomy was interested to read about a Private Member's Bill which received its first reading in the House of Lords recently, and wonders whether this could help to advance the debate on the vexed issue of what constitutes "verifiable parental consent" in an online data protection context.

The Online Purchasing of Goods and Services (Age Verification) Bill, was introduced by Baroness Massey of Darwen and had its first reading on 14 January Short and sweet, the Bill (originally proposed by MP Margaret Moran in 2008 under the Ten Minute Rule) proposes that online providers of age restricted goods and services, as specified by the Government, shall take "all reasonable steps to determine that the person purchasing or otherwise obtaining access to such goods and services meets the specifications of the relevant age restriction". Service providers failing to make the requisite checks would face … Continue Reading ››
A friendly word of caution for Datonomy readers: if you post anything about anyone online without their consent, you might be breaking the law.

In today's world of rampant online social networking and virulent blogging, lots of us write stuff about other people on the internet all the time. Most of us are aware that if we write something really offensive, then we might get into trouble – we've at least heard of the law of defamation.

But what about where we post something that is not defamatory? An example – I update my Facebook status to say that I'm "celebrating my wife's 40th birthday". Not unlawful, right?

Well, ludicrously enough, it might be. Unless she had told me I could reveal her age to the world, I would probably have just unlawfully processed her personal data, in contravention of the Data Protection Act.

When we … Continue Reading ››
The Coroners and Justice Bill – Data Protection Clauses.

These clauses have already attracted some attention. There is an article by Philip Johnston in The Telegraph (26 Jan). The Information Commissioner has published a commentary on the provisions.
Quite correctly, the IC draws attention to the Information Sharing Clause 152 which provides a definition of information sharing to be inserted at section 50A (3) of the DPA 1998. This goes:

“(3) For the purposes of this Part a person shares information if the person-

(a) discloses the information by transmission, dissemination or otherwise making it available, or

(b) consults or uses the information for a purpose other than the purpose for which the information was obtained.”

At first sight, this looks like an attempt to cover both sides of the information sharing. (a) is the person who discloses the information and (b) is the … Continue Reading ››
Posted on the website of the Official Journal of the European Union this morning is a little treat from the European Data Protection Supervisor: it's his Opinion on the Commission Green Paper on the Effective Enforcement of Judgements in the European Union: the Transparency of Debtors' Assets — COM(2008) 128 final. The conclusion of the EDPS runs as follows:
The EDPS welcomes the Green Paper and the broad consultation to which it has been submitted and recommends that:

— possible legislative actions stemming from the Green Paper should ensure that the processing of personal data carried out by the whole range of enforcement authorities is clearly based on at least one of the legal grounds laid down by Article 7 of Directive 95/46/EC, and in particular its letter (c) and/or (e),
— the proportionality principle is duly taken … Continue Reading ››
The Information Commissioner's Office has issued a Data Protection Good Practice Note on the Use of ID scanning devices in pubs and clubs.  The ICO's guidance seeks to provide "a number of tips to help pubs and clubs use ID scanning equipment in a manner which respects customer privacy and meets the good practice recommendations in the Act".  The tips are as follows
• You should design display signs and prominently place them close to the entrance of premises explaining simply and clearly why the ID system is in operation and if any sharing with other schemes (such as Pub Watch) is involved.
• You should also explain on the display signs any intended marketing use of customer names and addresses by the club. You should deal promptly with requests not to receive promotional material. You will need clear consent for … Continue Reading ››