back to article Europe's data protection rules set a high bar for consent – and UK ICO welcomes your thoughts

The UK Information Commissioner's Office has published draft guidance for data controllers on what it's actually going to mean for users to consent to their data being collected and shared under the European Union's looming General Data Protection Regulation (GDPR). You have already heard about that new regime, which will …

  1. GrapeBunch
    Thumb Up

    Virtual nostalgia

    freely given, specific, informed and unambiguous

    I like that. Apply it retrospectively to sub-prime mortgages, and the global economic collapse of 2008 goes away. Both the people who signed up for the mortgages, and the people who bought the poisoned derivatives, did not give informed consent. And the people who did not inform them, largely got away scot-free with bags of lucre and no negative consequences.

    1. John G Imrie
      FAIL

      Re: Virtual nostalgia

      Could we do that for the brexit vote as well.

      Note to both sides army of comutards slavering at the prospect of down voting this post into the seventh circle of Hell, did any one get sufficient information to make an informed choice.

      1. Anonymous Coward
        Anonymous Coward

        Re: Virtual nostalgia

        "[...] did any one get sufficient information to make an informed choice."

        When in doubt about the quality of information then the status quo is usually the safest option.

        The problem with the referendum is two fold.

        1) a significant change like that should need a 60% majority of those who voted. That makes it a cleaner cut decision for everyone to live with the consequences.

        2) Parliament knew the result was only advisory. In our representative democracy MPs should then have made a considered decision about the potential effects on society as a whole. They give the appearance of having buckled and thrown in the towel. The populace will always tend to vote for free beer if someone promises it to them in electioneering. In theory that is why the USA founding fathers created their Electoral College - as a check on a populist candidate being elected president. It was not intended as a mere rubber stamp.

        1. SundogUK Silver badge

          Re: Virtual nostalgia

          "In theory that is why the USA founding fathers created their Electoral College - as a check on a populist candidate being elected president."

          Bollocks. The Electoral College has nothing to do with 'populism.' It has always been about guaranteeing a majority of smaller states don't get steamrollered by a few large states.

      2. Anonymous Coward
        Anonymous Coward

        The illusion of choice

        Neither option was "jettison the bourgeoisie into the ocean", so what does it matter.

      3. SundogUK Silver badge

        Re: Virtual nostalgia

        Yes, I did.

    2. Tom Paine

      Re: Virtual nostalgia

      That assumes the seller has an accurately quantified the riskiness of a particular instrument. Sounds easy if you say it quickly but actually (in finance anyway) it's very difficult to do and it's a moving target. If everyone had perfect knowledge of future risk, pricing would always be a perfect representation of value and no-one would ever make a profit (or loss) trading.

  2. Nick L

    And if you don't have consent...

    And if you don't have consent to these standards, you must stop processing the data.

    So that reliance you had years ago on the "if you do not want to hear from X, click this box twice, knock on wood and shout Beetlejuice three times" consent is not consent.

    You bought a list in?  Be prepared to disclose where that came from to the subjects, and be sure that their process was compliant too.

    This is one small part of GDPR, and there's lots of little Gotchas like this. I must admit I'm impressed with the ICO guidance which is clear, easy to read, and actionable.

    1. John Smith 19 Gold badge
      Go

      "the ICO guidance which is clear, easy to read, and actionable."

      That actually sounds quite promising.

      Let's hope more of the people should read this stuff do so.

    2. Tom Paine

      Re: And if you don't have consent...

      Having drawn the short straw and ended up as the name on the ICO's register as my employer's Data Protection Officer, I thought I should probably read up on what responsibilities that entailed. The ICO guidance is outstanding. I can't think of any regulator that provides clearer or more copious plain English guidance. 10/10, would register again.

  3. Anonymous Coward
    Anonymous Coward

    Do the governments have to follow this consent model?

    Silly question.

    This is a nice idea but how exactly are they going to implement it? The companies small enough will just go bump and reappear and the big companies will pay off someone in government to turn a blind eye.

    How will you even know your data has been used, shared, kept wrongly and without consent? Most will just add consent to the terms and conditions when you use whatever service or buy a product if they don't already have it. I don't read the terms and conditions very often so my first born could already be sold and I would be none the wiser like most people.

    The only time I ever caught someone misusing my data was to do with my car and guess who I called? That's right, the ICO and if anyone can't guess the number of shits that were given that day I would be very surprised.

    1. Adam 52 Silver badge

      "Most will just add consent to the terms and conditions"

      As I understand it, one of the rules in GDPR is that you can't do this.

      1. Anonymous Coward
        Anonymous Coward

        Yes and when you accept the terms and conditions there will be extra tick boxes before you can proceed.

        Yes on the left, No on the far right of the page.

    2. Tom Paine

      Do the governments have to follow this consent model?

      Silly question.

      Yes, yes they do. And there's an independent court to make sure they do. Remember all those headlines about unelected Brussels bureaucrats refusing to let the UK gov steamroller over various human rights or fundamental rights provided by the Treaty of Rome?

  4. Anonymous Coward
    Anonymous Coward

    question

    "most extreme cases of breaches of the regulation, organisations can be fined €20m or up to 4 per cent of the total worldwide annual turnover of the preceding financial year,"

    SImple question - does it apply to both government and to government-authorised cartels such as credit ref agencies. If for example, if a reference agency shares anything with an organisation where you have not given explicit consent for that specific information to be shared, will they face the fines? If a civil servant leaves the USB drive on the train, does the government face the fine, or the individual in question?

    1. Charlie Clark Silver badge

      Re: question

      Simple answer — yes

      1. mark 120

        Re: question

        Assuming that the purpose of sharing the data is one which requires consent, and not an exemption such as for the purposes of national security or crime prevention. Or that it isn't already covered on another basis, such as being required for the fulfilment of a service contract.

    2. Tom Paine

      Re: question

      That's two questions, but (and IANAL of course, and I'm sure you're not dumb enough to get your legal advice from commentards anyway) as I understand it:

      1. yes it applies to the state (which is what you mean by "government", although actually the latter is just teh politicians elected to set policy, not the civil servants toiling away in anonymous office blocks in Nuneaton, Exeter and Glasgow who do the actual work); and

      2. the employer is liable, not the employee.

  5. ADC
    Facepalm

    "draft guidance"

    Read that as "daft guidance" - can't think why

  6. Medical Cynic

    This would put an end to the NHS's flagrant misuse of patient data without consent.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like