back to article UK told to strengthen data protection, again

The European Commission has told the UK government to beef up data protection in order to bring safeguards for British citizens up to European standards. We now have two months to improve the situation and bolster the powers of the Information Commissioner's Office. This is the second stage of the infringement process taken …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    European Standards?

    Those that say "leak all financial data to The Cousins"?

  2. Anonymous Coward
    WTF?

    Our Laws are not strong!!

    What, you say our laws are not strong? How can that be?

    I do hope the EU Commission does carry out the action rather than just make noises because Data Protection is somewhere the UK really lacks in.

    1. Oz

      Re: Our Laws are not strong!!

      And I, for one, would welcome the EU Commissions input in the rather dubious practice of the Police keeping DNA records of people for X number of years.... even if they are innocent

      1. The Other Steve

        Not needed

        "And I, for one, would welcome the EU Commissions input in the rather dubious practice of the Police keeping DNA records of people for X number of years.... even if they are innocent"

        The ECHR ruling on this matter was really rather clear, it's just that Smith and later Johnson chose to try and weasel around it in a way that to the casual observer appeared to breach both the spirit and the letter.

        The original Coalition Programme document says of the current DNA database "We will adopt the protections of the Scottish model for the DNA database." The Scottish model, IIRC, allows the DNA of innocent people charged with but not convicted of some[0] mostly sexual or violent crimes for three years, with a possible extension of another two years if you can convince a court it's necessary. Everyone else is deleted on acquittal. This is quite a lot better, but only because the English model is so appalling. [0] contains rather a long list of things that you can be accused of and still have your DNA retained on acquittal, including "sodomy".

        [0]http://www.scotland.gov.uk/Publications/2008/09/22154244/27

    2. BristolBachelor Gold badge
      Coat

      Strong Laws

      AC I think that the article was about laws _protecting_ people are not strong.

      They are not talking about the laws to spy on where kids live or what schools they go to, or laws to persecute photographers; they are different laws.

      I'll get me coat on the way out...

  3. N2

    I dare say

    That quick as a flash nothing will happen until the EU decides to act, whereupon ministers will react as if its some completely new 'low fast ball'.

    So crack on Viviane, make my day!

  4. Anonymous Coward
    Unhappy

    Does anyone know...

    What the penalty is when "anti-fraud data-mining" bulk data transfers are made but no statutory notice is given?

    I'm livid at the current setup for the "National Fraud Initiative" whereby the Audit Office gathers personal, banking, address and salary info on all benefit claimants and public sector employees and data mines this for fraud detection purposes. There is nothing we can do to stop these transfers because they are (supposedly) made in the name of fraud prevention and so adhere to the letter (if not the spirit) of the DPA.

    I think a transfer happened recently but my employer made no statutory notice; I would love to be able to hook them on this as this process that currently goes on largely unnoticed needs to be exposed.

    1. Anonymous Coward
      Anonymous Coward

      Re: A/C

      What?????? Bastards!!!!

      IANAL but I believe I'm correct in saying that there's nowt can be done. Or at least, if they can show that is anti-fraud related, then there'll be very little you can do. I've not done any digging on it this morning so this is coming from (a very tired) memory.

      Any idea exactly what data is transferred? I.e. is the banking info sortcode and Account Number, or do they kindly keep an eye on your statements for you? Depending which part of the public sector you work in, you're probably on a zillion databases anyway, so just sortcode and account number isn't _that_ big a change (they already have it to pay you - the fraud office could just request it.).

      AFAIK I've done nothing wrong, so I've nothing to hide. Doesn't mean I want anyone else seeing the sorry state of my finances though!

    2. The Other Steve

      Fair processing notice should be issued by your data controller

      Or they are in violation of the DPA. Not only is this spelled out in the DPA itself, there is also a long section about in the Audit Commission's Code of Data Matching Practice, starting on page 16, section 2.8.4, which you can find here http://www.audit-commission.gov.uk/nfi/pages/codeofdatamatchingpractice.aspx [links to pdf]

      You might like to give your HR department a copy and ask them why they are in breach, or contact the Audit Office. Don't get your hopes up though, since the remedy consists of :

      2.8.6 When providing data to the Commission, participants should submit a declaration confirming compliance with the fair processing notification requirements. If the Commission becomes aware that fair processing requirements have not been adhered to, it should agree the steps necessary for the participant to achieve compliance.

  5. dephormation.org.uk
    Linux

    The problem with the ICO

    ...isn't so much the powers.

    The ICO doesn't use what few powers it already has.

    The problem is the management and staff of the data protection unit.

    They lack independence (according to the EU Agency for Fundamental Rights), they're incompetent to regulate IT (according to their own staff), and they lack resources (according to their management).

    Until these parasitic wasters are cleared out and replaced by people willing to robustly protect the public, handing them more powers to these cretins is just a waste of time.

    1. Anonymous Coward
      Unhappy

      Exactly right

      "Until these parasitic wasters are cleared out and replaced by people willing to robustly protect the public, handing them more powers to these cretins is just a waste of time."

      Couldn't have put it better myself. Add OFCOM to the list as well.

      The civil service has no interest in protecting the public, only in protecting their own jobs.

  6. Happy Camper
    Thumb Up

    I like Vivien.

    Can we have some prosecutions over 'Phorm' and the paper that wire tapped all those mobiles. The two "ICO did nothing under Labour" cases that prove the point. Start there and I will believe that the ICO can be saved.

    Don't act on that and nothing can be salvaged in which case please EU, fine us really heavily and make it very public in all papers and TV that the Government is to blame (not the taxpayers) It MIGHT make the MP's listen then, everyone knowing they are crap seems to make them change their bad habits.

  7. Anonymous Coward
    FAIL

    Incompetent Chocolate teapot Organisation

    It is pointless giving the ICO extra powers. They do not understand technology. For example, nearly every other country is investigation Google's streetcar data breech?.

    The ICO? - Nah just destroy the data we don't understand the issues anyway!

  8. Derichleau
    Grenade

    It's a waste of time

    Nearly every company that I do business with fails to honour my data protection rights. And every time I complain to the ICO it's the same old story - they cannot enforce the law... they only offer guidance. At the end of the day, the only guaranteed way to make an organisation stop sending me direct marketing is to seek a court order under Section 11(2) of the DPA. It's rediculous that I should potentially have to have a case tried in the Crown Court just to make a legitmate company stop abusing my personal e-mail but I've come close to doing it twice.

    See www.mindmydata.co.uk for some good advice on how to stop direct marketing.

  9. Luther Blissett

    Let's not forget

    The criminality at the CRU at East Anglia that could not be prosecuted by the ICO.

This topic is closed for new posts.