In our November 2009 blog entry we reported on the T-Mobile customer data scandal and pondered its implications on future government policy (see link below). Datonomy, the data protection weblog: T-Mobile scandal gives new impetus to Ministry of Justice consultation Nearly 9 months on one of the two men responsible for this scandal has appeared in court (see link below). Former T-Mobile UK employee, David Turley last week pleaded guilty in a Chester court to 18 charges of stealing confidential information and selling it to a rival company in contravention of section 55 of the Data Protection Act (he is yet to be sentenced).
Yesterday saw the publication of the Information Commissioner's Annual Report 2009/10, entitled "Upholding information rights in a changing environment", (in a change from the untitled annual reports of years gone by). The report covers the period April 2009 to March 2010 and coincides with Christopher Graham's first year as Information Commissioner, having taken over from Richard Thomas in June 2009. For a link to the report click here. For our written digest of the report, including an overview of the UK enforcement regime (prepared by Olswang LLP), contact your usual member of the Datonomy home team (see right hand bar).
The Hamburg Data Protection Authority has launched a legal action against Facebook accusing the social networking site of illegally accessing, saving and using the personal details of non members for marketing purposes. The action could result in Facebook being fined tens of thousands of Euros. Germany has some of the strictest and most detailed data protection laws in the world, setting out how and how much of an individual's private information may be accessed and by whom.

This is particularly interesting for three reasons. The first being that in April this year, Facebook unveiled streamlined privacy settings making it possible for users to block access to their e-mail lists. But the head of Hamburg Data Protection Authority, Johannes Caspar, is concerned that previously saved e-mail addresses and other data gathered by Facebook have not been erased. The second is that, until now, the questions asked of Facebook … Continue Reading ››
The ICO's long awaited "Personal Information Online Code of Practice" has arrived. Fittingly, it is available as an interactive e-book with some fun graphics (Datonomy particularly likes the mock website, and the moving graph. It's like something out of Harry Potter!) For the Luddites among you, the new code also comes as a good old-fashioned PDF version for reading on the train home. Datonomy will be doing just that, and will bring you its more considered thoughts on the new guidance in due course. But at first glance, the new guide looks promising - setting out the ICO's interpretation on DP compliance for all things online, in one comprehensive and user-friendly source. It addresses topics including marketing to children and othe vulnerable groups, the use of Online Behavioural Advertising, privacy settings and cloud computing. Icons in the margin … Continue Reading ››
Something to add to your summer holiday reading? The Ministry of Justice today issued a call for evidence about how well (or not) Directive 95/46 and the Data Protection Act 1998 is working. Love it or hate it (and as our own and other blogs attest, apparently this cherished instrument does arouse strong passions), EU data protection legislation is very much here to stay: it's over a decade since the Act was implemented and as the MoJ points out, it's time for a fresh look at it in preparation for the negotiation of new legislation next year.

Datonomy hopes that there are well reasoned, and numerous, responses to the MoJ's call, in these exciting times for lovers of data protection. The call for evidence closes on 6 October.
The Encore Project, with which this blog is associated, has as its objective “to make giving consent as reliable and easy as turning on a tap...and revoking that consent as reliable and easy as turning it off again”. On the 29 June I went to the demonstration at the LSE by the project managers of an online interactive prototype that will allow data subjects to audit how their data (held by a DP) are being processed – to view the categories of data, to view how often and for what purpose the data are being processed - and to withdraw consent selectively if they want to.

It is excellent prototype. Based upon investigations of the needs of ordinary people and businesses, it provides transparency and a significant degree of control over the data, while being straightforward to use. Necessarily there is a pretty big technical architecture behind the facility. … Continue Reading ››