Category Archives: Data Protection

"Too important to be left to data protection specialists talking to each other": that was the verdict of the Information Commissioner Richard Thomas on future reform of data protection legislation, as he announced publication this week of a major report on the strengths and weaknesses of the ageing Directive 95/46/EC.

The 100 page review was produced by research organisation RAND Europe on behalf of the Information Commissioner's Office, to inform and stimulate debate about future reform of the legislation to make it fit for the globalised, networked world of the 21st Century.


It will not surprise Datonomy readers to know that the following bugbears feature among the weaknesses identified in the report:
the concept of "personal data" and its relationship to real privacy risks;
rules and mechanisms for international data transfers; and
the processor/ controller distinction.


Datonomy will be lugging the 100 page tome home … Continue Reading ››

The Information Commissioner's Office issued this statement yesterday concerning Google's controversial Street View service:
"Common sense on Street View must prevail, says the ICO
The Information Commissioner’s Office (ICO) has published new advice on Google Street View in response to a complaint from Privacy International.
David Evans, Senior Data Protection Practice Manager said: “As a regulator we take a pragmatic and common sense approach. Any images of people’s faces or number plates should be blurred. We emphasised the importance of blurring these images to protect people’s privacy and limit privacy intrusion. Google must respond quickly to deletion requests and complaints as it is doing at the moment. We will be watching closely to make sure this continues to be achieved in practice.
“However, it is important to highlight that putting images of people on Google Street View is … Continue Reading ››
The Information Commissioner's Office (ICO) has opened a file on Google's controversial Street View 360 degree street level imagery facility, though it has not at this time taken an official position. A statement on the ICO's website currently reads:
"Google's Street View includes a facility which allows vehicle registration marks and faces to be blurred. Individuals who feel that an image does identify them (and are unhappy with this) should contact Google direct to get the image removed. Individuals who have raised concerns with Google about their image being included - and who do not think they have received a satisfactory response - can complain to the ICO".
No specific mention has at this stage been made of fears expressed in some quarters that the images stored on the Street View database may be used by local authorities … Continue Reading ››
A friendly word of caution for Datonomy readers: if you post anything about anyone online without their consent, you might be breaking the law.

In today's world of rampant online social networking and virulent blogging, lots of us write stuff about other people on the internet all the time. Most of us are aware that if we write something really offensive, then we might get into trouble – we've at least heard of the law of defamation.

But what about where we post something that is not defamatory? An example – I update my Facebook status to say that I'm "celebrating my wife's 40th birthday". Not unlawful, right?

Well, ludicrously enough, it might be. Unless she had told me I could reveal her age to the world, I would probably have just unlawfully processed her personal data, in contravention of the Data Protection Act.

When we … Continue Reading ››
Draft legislation to boost the Information Commissioner's enforcement powers, to replace the £35 flat fee with tiered notification fees and to permit data sharing by public sector organisations was published last week. You could be forgiven for having missed it – since the relevant provisions form part of the somewhat eclectic Coroner and Justice Bill.

As its name suggests, the Bill deals with the law relating to coroners and to certification and registration of deaths, and sweeps up a wide range of criminal justice reforms. In a lengthy Bill, competing for attention with provisions on homicide, suicide, terrorism, witness protection and criminals' memoirs, last (but in Datonomy's view definitely not least) – are some important amendments to the Data Protection Act 1998.

The proposed changes to the DPA fall into two categories. For the public sector, proposed new sections will … Continue Reading ››
Four major search engine operators are scheduled to sit down at a plenary meeting next month with Article 29 Working Party to work through the findings of Art29WP's Opinion of 4 April 2008.

The business model for search engines is to increase advertising revenues and refine search results and this is clearly best achieved by building up knowledge about the context of an individual search query. The question though is to what extent does this involve or create personal data and what are a search engine's obligations, if any?

The Opinion clearly thinks they should be regulated. Art29WP's view is that, even though an IP address may not be directly identifiable, other associated information is often available which can identify the user behind that IP address. Cookie unique IDs may also reveal further personal data. Unless an operator can establish "with absolute certainty" that data can't be … Continue Reading ››
In a press release last Wednesday, Information Commissioner Richard Thomas said that episodes of data breach in the UK had risen to 277 over the past year, since HMRC lost 25 million child benefit records. The new figures include 80 reported breaches by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector. The ICO is investigating 30 of the most serious cases.