Category Archives: Data Protection


Data protection notification fees for large organisations will jump to £500 on "red tape day", 1st October.
The changes are set out in The Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009 which were laid before Parliament earlier this week. The move is designed to increase funding for the Information Commissioner's Office, and was one of several reforms proposed by the Government in a consultation paper last Summer, which in turn followed on from the review into data sharing conducted by the ICO and Dr Mark Walport, Director of the Wellcome Trust.
For data controllers in "tier 1", the annual notification fee remains £35. For "tier 2" controllers – i.e. public authorities with 250 or more staff or organisations with 250+ staff or an annual turnover of £25.9 million or more, the fee … Continue Reading ››
Datonomy is pleased to see that data protection gets several mentions in the Government's roadmap for Digital Britain published last month.

The 239-page White Paper sets out wide-ranging proposals to promote the future of the media, communications and technology sectors, and the headlines have already been grabbed by sexier proposals such as the 50p levy to fund next generation broadband, the future of the TV licence fee and measures to crack down on Internet piracy. However, the Government recognises, quoting the EU's Consumer Affairs Commissioner, that "personal data is new oil of the Internet and the new the currency of the digital world" and so data protection issues also feature in a number of sections of the report.

Personal digital and data security: consumer confidence in transacting online is an essential ingredient of a successful digital economy. There are no new … Continue Reading ››
The EU Telecoms Ministers decided on Friday that they would not submit to pressure from Parliament to include measures relating to unlawful internet use in the 'Telecoms Package' which has been undergoing review for some time. This means the entire package will continue to 'conciliation' between the Parliament and Member States and such negotiation talks aren't likely to commence until the first half of September.

The Telecoms Package of course contains a wide range of issues. Datonomy has discussed at length on this post previously some of the proposals surrounding notification of breaches but there are some other less publicised changes to the Privacy and Electronic Communications Directive which could have major implications for the industry.

In particular, there is a proposal to amend the current provisions relating to cookies and other devices. This amendment would … Continue Reading ››
"Too important to be left to data protection specialists talking to each other": that was the verdict of the Information Commissioner Richard Thomas on future reform of data protection legislation, as he announced publication this week of a major report on the strengths and weaknesses of the ageing Directive 95/46/EC.

The 100 page review was produced by research organisation RAND Europe on behalf of the Information Commissioner's Office, to inform and stimulate debate about future reform of the legislation to make it fit for the globalised, networked world of the 21st Century.


It will not surprise Datonomy readers to know that the following bugbears feature among the weaknesses identified in the report:
the concept of "personal data" and its relationship to real privacy risks;
rules and mechanisms for international data transfers; and
the processor/ controller distinction.


Datonomy will be lugging the 100 page tome home … Continue Reading ››

The Information Commissioner's Office issued this statement yesterday concerning Google's controversial Street View service:
"Common sense on Street View must prevail, says the ICO
The Information Commissioner’s Office (ICO) has published new advice on Google Street View in response to a complaint from Privacy International.
David Evans, Senior Data Protection Practice Manager said: “As a regulator we take a pragmatic and common sense approach. Any images of people’s faces or number plates should be blurred. We emphasised the importance of blurring these images to protect people’s privacy and limit privacy intrusion. Google must respond quickly to deletion requests and complaints as it is doing at the moment. We will be watching closely to make sure this continues to be achieved in practice.
“However, it is important to highlight that putting images of people on Google Street View is … Continue Reading ››
The Information Commissioner's Office (ICO) has opened a file on Google's controversial Street View 360 degree street level imagery facility, though it has not at this time taken an official position. A statement on the ICO's website currently reads:
"Google's Street View includes a facility which allows vehicle registration marks and faces to be blurred. Individuals who feel that an image does identify them (and are unhappy with this) should contact Google direct to get the image removed. Individuals who have raised concerns with Google about their image being included - and who do not think they have received a satisfactory response - can complain to the ICO".
No specific mention has at this stage been made of fears expressed in some quarters that the images stored on the Street View database may be used by local authorities … Continue Reading ››
A friendly word of caution for Datonomy readers: if you post anything about anyone online without their consent, you might be breaking the law.

In today's world of rampant online social networking and virulent blogging, lots of us write stuff about other people on the internet all the time. Most of us are aware that if we write something really offensive, then we might get into trouble – we've at least heard of the law of defamation.

But what about where we post something that is not defamatory? An example – I update my Facebook status to say that I'm "celebrating my wife's 40th birthday". Not unlawful, right?

Well, ludicrously enough, it might be. Unless she had told me I could reveal her age to the world, I would probably have just unlawfully processed her personal data, in contravention of the Data Protection Act.

When we … Continue Reading ››