Can an individual withdraw its consent for processing personal data? If yes, how it can be done? Are data controllers ready for such option? All these questions became very topical upon adoption of amendment to the Polish data protection regulations. The main Polish regulations regarding processing of personal data are contained in the Personal Data Protection Act of 1997 (hereinafter: PDPA) that implements Directive 95/46 into Polish law. Generally, personal data is processed on the basis of consent given to data controllers by the person whose data are processed. Hence, rules regarding consent are crucial for all those who are involved in data processing. The latest amendment to the PDPA provides a small but significant change to the existing regulations. As such it is certainly worthy of blog subscribers’ attention. Until now, one of the main controversies related to the issue of consent under PDPA was connected with the possibility of withdrawing … Continue Reading ››
Last month Datonomy reported that objections by the Republic of Ireland had delayed completion of a data adequacy agreement between Israel and the EU (see Datonomy post "Irish politicking delays Israeli EU Data Protection Deal"). However, reports in the press this week (see the article in Israel's Jerusalem Post newspaper at http://www.jpost.com/International/Article.aspx?id=192913) seem to suggest that on 25 October 2010 the EU formally approved the adequacy of Israel's "Privacy Act" despite Irish reservations. Datonomy has been unable to locate any official EU source confirming this development. [Ed - are any of our readers able to point to an official EU statement?] EU approval elevates Israel to an elite group of countries whom the EU deems have sufficiently adequate data protection laws, until this announcement that group included only Argentina, Canada, Guernsey, the Isle of Man, Jersey, Switzerland and the Faroe Islands. If confirmed, Israel's data adequacy agreement with the EU is … Continue Reading ››
The Information Commissioner's Office is considering flexing its enforcement powers in relation to Google's inadvertent collection of "pay-load" data from WiFi networks.  Datonomy was surprised that the ICO's initial report in July took a very lenient view of the issue.  The ICO described its approach at the time as "responsible and proportionate"; others described it as "farcical".  Possibly egged on by its counterparts in Germany, Spain and the Czech Republic to name but a few, the ICO yesterday released this statement: "Earlier this year the ICO visited Google's premises to make a preliminary assessment of the "pay-load" data it advertently collected whilst developing Google Street View. Whilst the information we saw at the time did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await findings of, the investigations carried out by our international counterparts. "Now that … Continue Reading ››
Bad privacy press has been plaguing Facebook for some time. The bad news for Mark Zuckerberg this week was delivered in the form of a Wall Street Journal reportwhich claimed that some of the most popular third party apps on Facebook have been transmitting users' personal data to advertising companies and data brokers in breach of Facebook's developer policy.  The WSJ reported some of the most popular applications, including Farmville (which has a whopping 59 million users), Frontierville and Texas HoldEm Poker were making available the unique Facebook user identifications (UIDs) to 25 advertising and data companies, and some transferred information relating to users' friends.  This was even possible where the user had made the information in their profile private.  The Facebook UIDs can be used to retrieve a Facebook user's real name and any information on their profile to which access was not restricted by that user's privacy … Continue Reading ››
The guardian newspaper's technology blog today reported the rather shocking statistic, (obtained from research conducted by mobile and forensics experts Disklabs) that 50% of second hand mobile phones offered for sale still contain personal data from their previous owner (see link to the article below). http://www.guardian.co.uk/technology/2010/oct/12/mobile-phones-personal-data Of the 50 handsets bought from resellers on eBay researchers found porn on nine of the devices, while video and calendar information were also still on nine handsets. Personal security information, including home address, credit card numbers and pin numbers were on 26 of the handsets. Simon Steggles, director of Disklabs labelled consumers naive in their approach to personal data - "The worst thing a consumer can do is hope or assume that the person buying the phone will remove the data," said Steggles, "Any data left on the phone is effectively open to the public domain. That could be as varied as intimate photos, videos and text messages … … Continue Reading ››
Today sees the launch of Mydex's personal data store. As highlighted here previously, Mydex's prototype allows individuals to create their own personal data stores.  The objective of empowering individuals to manage their data online, controlling what type of data is shared and with which organisations, is no mere twinkle in Mydex's eye – the list of organisations participating in the pilot announced today is impressive and includes the Department for Work and Pensions (via its TellUsOnce project), the London Boroughs of Brent and Croydon and the Royal Borough of Windsor and Maidenhead, along with a number of observing organisations and contributors. External verification is to be provided by Experian. The objective of the pilot, as Mydex puts it, is to educate participants in the use and benefits of the personal data store system, which will subsequently support the next stage in developing new and valuable personal data store services. Datanomy will be following progress … Continue Reading ››
Instead of organisations owning and controlling data, how would it be if individuals had control of the management, use and sharing of information about themselves?  Datonomy has been reading with interest about the theory and practice of such an idea in Mydex's paper "The Case for Personal Information Empowerment: The rise of the personal data store" and it reminds him of that Barclays advert a few years ago with Robbie Coltrane which ended with a punchline something like: "of course, you know what this means, don't you? We'll all become our own bank managers."  Bank managers aside, the concept of a "personal data store" is an intriguing one. For the consumer or citizen, it would bring convenience (how many passwords does Datonomy struggle with every day, and this is just the tip of the "convenience" iceberg) and it would bring the prospect of control (sharing personal information only with intended recipients, not those "carefully selected third parties" that … Continue Reading ››