The Data Protection Act - Another worthless law ?

#1
If ever there was some piece of law that was so widely disregarded that it was worthless, it has to be the Data Protection Act...


Thousands of people involved in disagreements with council staff have had their personal details stored on secret blacklists.
Bureaucrats have listed the details of members of the public who have been involved in rows with teachers or dustmen over seemingly trivial matters.

Scores of councils hold databases of ‘undesirables’ – individuals who could potentially pose a threat to their staff.

They hold the details of almost 9,000 people, but most have never been charged with or convicted of a crime.

Personal information such as car registration numbers, telephone numbers, household pets, nicknames and distinguishing features are listed on the databases.



Read more: Thousands on secret council blacklists: Personal details kept of residents who dare to complain | Mail Online
 

Sixty

ADC
Moderator
Book Reviewer
#2
No Daily Heil threads in CA please.
 
#4
No Daily Heil threads in CA please.
Appologies if I've dropped a clanger here, it just seemed to make sense to me. Perhaps a kindly mod could shift it to another section...

It isn't just the Daily Mail article though. I've held this view for ages now. When I got sent my first ever Database prog [LocoFile for the Amstrad PCW 8256] it came with a huge info pack about the DP Act and a card to register with the Data Protection Registrar. Clearly giving the impression that all keepers of Data would have to register and follow strict rules... Yeah, right, whatever! I never returned the card and a bet hardly anyone has bothered to since. Neither has anyone ever bothered to contact me to make sure my details are correct anywhere. And yet I get loads of junk mail from companies who have more than my basic contact details, and I know they share it.

Data Protection Act? Worthless!
 

maguire

LE
Book Reviewer
#5
I dont think you know exactly what the DPA is for, do you?

your name and address may be out there, but that could have come from a few places considered in the public domain (phone book? electoral roll?).

however, without the DPA things would be a lot, lot worse. fancy anyone being able to call up your phone banking number and access all your information? phone up Sky and find out how many times you've been watching mucky films? *thats* what the DPA is there to stop.

plus which, the councils havent broken the DPA by having such a database, as long as the information is held **securely**. as long as it's kept confidential, and not open to access or abuse by any third party, the councils are breaking no data protection laws here. they are being complete c**ts, I'll grant you, but they arent breaching the DPA.
 
#6
It's not the DPA that needs binning, it's the worthless, scumbags, elected by a very few number of cretins, to run local councils that need binning.

Actually, I shouldn't use that metaphor: if you binned a local councillor, you'd have to spend half an hour wondering which bin to put him it and then the cnuts who come to empty the bin would leave him there cos he's in the wrong coloured bag.

Our street looks like Dresden after the clean up with piles of shite bunged into 780 bins (only 4 houses) in the vain hope that somebody might pop by and either recycle it, bin it, or eat it.
 
#7
The DPA was introduced with good intentions and if the letter and word of the law is followed then it is still a good thing.

Sadly, when people sign at the bottom of a very long page of small printed text they generally do not read what it says above their signature. Then they wonder why their "Personal Data" is passed around all and sundry - not realising that one of the paragraphs they did not read stated clearly and in english that the "Data Subjects" collected "Personal Data" could be passed on to any and all organisations remotely connected to the "Data User" who had originally collected the data.

The DPA was introduced to stop the data collection and swapsies free for all that was starting to happen in the mid 80's. "Persoanl Data" was being passed around and traded freely with no regard and no control over where it was going. THE DPA, believe it or not, actually puts certain controls on "Data Users" and limits what they can and cannot do with Data. I know of one bank that was fined 500,000 quid for using a customer database for a purpose that had not been declared to the Information Commision. Basically they used an accounts balance database to profile customers and then send out specific marketing letters to the customers.....naughty.

I think that what Troy is actually worried about is the Regulation of Investigatory Powers Act (RIPA), which was introduced in 2000, and was intended as a law enforcement tool to combat organised crime and terrorism. Sadly, the law allowed councils to use, abuse and misuse it.

Councils warned over unlawful spying using anti-terror legislation - Telegraph

Bottom line to minimise intrusion on your life:

1. To stop getting junk mail - register with the Royal Mails preference service, Royal Mail

2. To stop getting junk phone calls - register with the telephone preference service, TPS Registration

3. To stop having the local authority passing your details to all and sundry you need to contact them and inform them that you wish to be removed from the electoral register. It is your right, take no BS.

4. Always tick the box saying that you do not want to be used for marketing purposes, if you don't your details can go almost global.

5. If anyone does contact you through a medium that you expressly forbade to pass on your details make a fuss, shout at them, threaten them with the Information Commisioner ................. you may get a couple of shirts from a well know Jermyn Street shirtmaker as a "sorry", I did.

6. Frequently check your credit reports with Equifax and Experian. They hold more than you would want to know about on around 30 million people in the UK. Its also a good way of checking and preventing your ID being stolen or cloned.

7. As a further personal security measure when you have finished using it shred anything with your name, address and any account numbers on it, even credit card transaction till receipts and junk mail.
 

Boldnotold

LE
Book Reviewer
#8
And never enter 'free draws' where 'all you have to do is give us your name and address'.
 
#9
And never enter 'free draws' where 'all you have to do is give us your name and address'.
Or reply to those emails that all they need is your account number to hide the cash in
 
#10
Bottom line to minimise intrusion on your life:

1. To stop getting junk mail - register with the Royal Mails preference service, Royal Mail
Nearly, but not quite. That link stops the postman putting unaddressed junk through your letterbox such as 'The Householder' etc. Tis is a profit making scam invented by Royal Mail to get around the Mailing Preference Service which stops people sending mail to you for direct marketing by name, so register here Mail Preference Service as well, two clicks of the mouse and it is free.

There is a whole industry that trades 'lists' of 'prospects' and gives good money for your name and address. All reputable direct marketing companies compare their mailshot lists with a monthly dump of the MPS database and remove listed people from the mailshots.

They do however keep your information hoping that you will tick the wrong box in the future, as that will make you legit from then on. Re register with all three at least annually.
 
#12
They do however keep your information hoping that you will tick the wrong box in the future, as that will make you legit from then on. Re register with all three at least annually.
Nearly, but not quite ;-) Every six months for MPS and TPS. Do it religiously.

The earlier advice about not throwing away anything with your name and address on cannot be stated enough. BUY A SHREDDER. They cost little enough. You are not looking to "securely" shred paper, simply make it easier to cut them up. And if you have a garden, compost the shreddings (simply because shredded paper makes excellent compost).

ID theft is incredibly easy, and all it needs is one intact document with your name and address on. And mail redirection, despite RM's protests, is all too easily abused.

BBC - Watchdog: Has your post gone missing?

The full story showed that the PO had accepted a half completed JSA application form as one a form of "ID"!
 
#13
#14
Nearly, but not quite. That link stops the postman putting unaddressed junk through your letterbox such as 'The Householder' etc.
Nearly, but not quite:

1. The opt out service only relates to unaddressed mail. Royal Mail is still legally obliged to deliver all addressed mail, which includes mail that is addressed “To the Occupier” (or with any other generic recipient information), as well as mail that is personally addressed to you by name.
 

Boldnotold

LE
Book Reviewer
#15
Mail addressed to 'The Occupier' is a tough one. Whilst most of it is junk trying to sell you stuff, I had one yesterday from my local council regarding a planning application. I wouldn't have wanted to opt out of that!

(Mind you, as the councils know who I am due to paying council tax, they should be able to merge databases and address me by name. Suppose there's no money for anything useful like that.)
 
#16
They are just being bloody idle. Most councils use a data base systems designed to encompass all these needs, so if you receive a letter from the council addressed to the occupier and if you are the council tax payer for that address, write and complain and tell them that letters addressed to "The Occupier" are treated as junk mail and are shredded without opening them.
 

Sixty

ADC
Moderator
Book Reviewer
#17
What is the policy in case of a genuine scoop by The Mail?
Depends. As long as it doesn't concern:

Immigrants
House prices
The EU
Homosexuality
Dear God, won't someone think of the children
Benefits
The Nanny State TM
The effects of immigrants on house prices
Paedophiles
The effects of paedophiles on benefits
The effects of the EU on paedophiles

or any combination thereof, it'll probably be OK.

I would expect a headline of theirs without reference to any of the above to happen somewhere around the 24th century.




 
#19
In fairness I said 'at least' :)
I know, hence the ;) (indicating my jovial, smiling, demeanour when I made my post, old chap)
 
#20
If ever there was some piece of law that was so widely disregarded that it was worthless, it has to be the Data Protection Act...


Thousands of people involved in disagreements with council staff have had their personal details stored on secret blacklists.
Bureaucrats have listed the details of members of the public who have been involved in rows with teachers or dustmen over seemingly trivial matters.

Scores of councils hold databases of ‘undesirables’ – individuals who could potentially pose a threat to their staff.

They hold the details of almost 9,000 people, but most have never been charged with or convicted of a crime.

Personal information such as car registration numbers, telephone numbers, household pets, nicknames and distinguishing features are listed on the databases.



Read more: Thousands on secret council blacklists: Personal details kept of residents who dare to complain | Mail Online
Although this thread was started in 2011, it must be said that the majority of posters seem to have formed a negative impression of the Data Protection Act 1998 without realizing just what a powerful tool it is in the hands of an individual and now, thanks to the Court of Appeal, it has become a potent weapon in the defence of privacy.

Judgment in the case of Vidal-Hall and others v Google Inc [2015] EWCA Civ 311 delivered by the Court of Appeal on 27 March 2015 the outcome of which was reported in the mainstream Press. The judgment significantly alters the landscape for those who process personal data and those who suffer distress as a consequence of third parties unlawfully obtaining personal data contrary to section 55 of the Data Protection Act 1998.

The case was brought by three UK residents seeking to sue Google in the United States as a consequence of the latter’s ‘data-farming’ using ‘cookies’ designed to by-pass the security settings on the applicants Apple ‘Safari’ Browsers deployed by Google without the applicants knowledge or consent.

Little Press attention was give to the more interesting aspects of the case in which the Court of Appeal took the opportunity of clarifying the scope of the remedies available for those whose personal data is unlawfully obtained under section 55 of the Act.

Sections 10 and 11 of the 1998 Act allow, inter alia, an individual to require someone holding his or her data (a ‘data controller’) to cease or not to begin processing personal data if it would cause substantial damage or distress and that such damage or distress would be unwarranted. Similarly, under s11, an individual has the right to cause anyone holding his or her data to cease, or not to begin processing for the purposes of direct marketing, personal data in respect of which he or she is the data subject. Moreover, and perhaps less well known is that under s12, an individual has the right to require that no decision is taken by or on behalf of the data controller based solely on the processing by automatic means, of personal data. This could cover those situations many come experience where some pixified minimum-waged waif in a Call Centre acts or fails to act on the ground that “the computer says ‘no’ or ‘yes’ as the case may be.

The Act at section 13 gives an individual the right to be compensated for a failure to comply with certain requirements of the Act. It was these remedies that the Court of Appeal addressed in its judgment.

Under section 13(1) an individual who suffers ‘damage’ by reason of any contravention by the data controller or of any of the requirements of the Act is entitled to compensation from the data controller for that damage (emphasis mine).

Under section 13(2) an individual who suffers distress by reason of any of the requirements of the Act is entitled to compensation from the data controller for that distress if

(a), the individual also suffers damage by reason of the contravention, or

(b) the contravention relates to the processing of personal data for the special purposes.​

Once the individual has established a breach, section 13(3) places a burden of proof on the defaulting individual to satisfy the court that he or she had taken such care as was reasonable in all the circumstances to comply with the requirement concerned.

In Vidal-Hall, Google argued that although the claimants had suffered ‘distress’ under s13(2), they were unable to demonstrate that they had also suffered any ‘damage’ under s13(2)(a) and because they had suffered no ‘damage’, they were therefore not entitled to compensation for their ‘distress’ under either s13(1) or s13(2) because ‘damage’ had been interpreted by the government and the courts as meaning ‘financial loss’ (in legal jargon: ‘pecuniary loss’).

The effect of this interpretation would mean that anyone holding your data who disclosed it without your permission causing you severe embarrassment, or loss of reputation, or a breakdown in your relationship, or clinical depression would prevent you recovering compensation from the miscreant unless you could also demonstrate that you had suffered financial loss. In other words, clever drafting by the government had contrived to restrict the availability of any real remedy.

The term ‘damage’ in s13 DPA 1998 had been taken from Art 23 of Directive 95/46/EC "on the protection of individuals with regard to the processing of personal data and on the free movement of such data", The European Commission accused the British Government of failing to properly implement the Directive properly since the UK DPA had failed to provide for a right to compensation for hurt feelings or loss dignity (what Europeans call ‘Moral’ damages). The government responded that the Directive provided no reference or presumption in favour of ‘moral’ damages and appears to have drafted s13 DPA accordingly

Lord Dyson, (Master of the Rolls) approved the decision of the Court of Justice in Leitner TUI Deutschland GmbH & Co KG ECR 1-1631 which had applied the term ‘damage’ from a different directive which the CJEU had held entitled the applicant to compensation for non-pecuniary loss (the loss of enjoyment of a holiday). Here, Lord Dyson concluded that the same construction should apply to Art 23 Directive 95/46/EC and that Parliament had deliberately chose to limit the right to compensation in the way that it did. Because the Court of Appeal felt that it could not interpret section 13(2) as compatible with Art 23 of the Directive, it turned instead to Article 47 of the Charter of Fundamental Rights of the European Union, Art 47 provides that “Everyone whose rights and freedoms guaranteed by the law of he Union are violated has the right to an effective remedy before a tribunal in compliance with the conditions laid down by this Article…” and since the Court of Appeal had already held in Benkharbouche v Embassy of the Republic of Sudan [2015] EWCA Civ 33 (para 69-85) that any breach of a right under EU law would engage Art 47 of the Charter, the courts can and must disapply the offending provision of national law that conflict with it.

In order to make s13(2) DPA 1998 compatible with EU law, section 13(2) of the DPA would be disapplied with the consequence that compensation would be recoverable under section 13(1) DPA for any damage suffered as a result of a contravention by a data controller of any of the requirements of the DPA 1998. In other words, those who suffer the non-pecuniary damage embarrassment, reputational damage etc to which I have referred, has a right in action that was hitherto denied to him or her.
 
Last edited:

Similar threads

New Posts

Latest Threads

Top