A definition at the heart of the UK's Data Protection Act (DPA) is unclear, creating legal confusion that undermines the whole law, the Information Commissioner's Office (ICO) has said. The ICO enforces the DPA, advising businesses on how to stay in line with the privacy-protecting law and investigating complaints about …
How about ...
"any and all data of whatever description, pertaining to any individual person, whether or not it includes or touches upon another individual person, shall be held secure and only accessible to a extent needed by any viewer; in a lawful manner, sufficient only to complete the viewers duty. The data shall not be copied, by any means, or otherwise stored or disclosed to other persons contrary to law
The subject person of the data shall be free, upon written request, be able to inspect the data and offered the opportunity to correct any errors, other than such data in current use for ongoing criminal or security investigation."
....., organisations can be sure to be very good at protecting 'their own' data; e.g salary and bonus payments to senior managers, the home phone numbers of the directors, draft contracts with clients/suppliers, etc; so they should be able to apply protection and care to all data they hold and process. After all, it's about procedures and systems.
New law will be drafted which makes the internet effectively impossible, eg banning an ISP passing on the return address of your web request to a foreign server.
Meanwhile the police/government/etc will get caught sending all your phone calls to Libya or something and get a strongly worded letter in the Gruniad.
You IP address by itself is fine - it's when they connect the IP address to YOU (name , address, etc) that the rules should kick in.
This sounds kinda promising - but no doubt it will end up being bast***ised by big company lobbying - and we all end up with less protection.
Forgive me if I missed it
But what are the two competing definitions here?
Not a lawyer, but anyway
The term should be "personally identifying data", meaning "data that with a high degree of confidence pinpoints a single person or a small group of persons", where person in turn means natural person, ie. not a company.
So a single IP address might pinpoint a single person if statically assigned, but if rotated with another thirty thousand in a pool every 24 hours, then you'd need a date to go with it to reach comparable likelyhood of identifying a single person.
Of course, this is still vague and oftentimes not readily ascertainable. It often depends on how much effort it costs to turn the raw data into a blinking arrow pointing at a certain someone. Therefore, there cannot usefully be a single definitive list of things that are "personal data" and another definitive list of things that are not. So don't even try.
So, the ICO perhaps ought to help companies and such with advice how to reduce data hogging requirements for any given purpose. And that, storing the minimum necessairy for the task at hand, no more, is a good general principle and ought to happen anyway. I gather this is not now the case.
Instead I see a lot of yabbering about conceptual frameworks and with that attempts to have their arsecovering service attain a seal of governmental approval. That does not reassure me the ICO is effective ensuring people's privacy. In fact, I would have expected the ICO to come up with the above reasoning themselves and propose a workable definition instead of passing the buck back to the nitwits that came up with the current half-arsed definition in the first place. But 'tis to be expected, them being a product of same anyway. Carry on government.
A Taxonomy of Social Networking Data
Here is an informative srating point for our ICO:
@Forgive me if I missed it
Personal data = data belonging to you and Personal data = data about you.
You might own your phone number but the phone company owns it's record of your position - but that data is data about you - so it's your personal data?
Clearly the UK people need to wake up
You guys should follow the example of your transponderian cousins and get the help you need when it comes to being heard by the powers that be...
Disband the ICO
Pointless, lazy, ineffective, corrupt waste of time space and money.
Ineffective I'll grant you, but then they are under-resourced and do pay peanuts, so it's no suprise that some of their case officers are paddling around in the shallow end of the gene pool. Add the lack of specialist skills in key areas and there are major issues.
However - pointless? Perhaps you think there should be no oversight or enforcement of FOI, DPA, EIR and PECR. Properly resourced, independent and with appropriate powers the ICO has the potential to be extremely useful, not least in combatting data slurping info-whores (you know who you are).
Lazy - what are you, some knee-jerk from the Daily Heil?
Corrupt - do you have any evidence for this, or do you just like libelling underpaid public servants for kicks?
You're pretty brave in cyberspace, flame boy.
mixing online and offline data
there are issues where certain companies are now mixing online data with offline to generate a very detailed profile for people
the other issue is where people replace a name with a unique ID (UID) this is no better than an alias and it still identifies the data subject, and in effect more uniquely than their name
how many fred blogs, tom jones are there ?, but how many with UID 123456789 ? but as the law stands at the moment the because these UID's do not have an actual name in them they are not classed as personally identifiable information (PII)
these are the sort of loop holes undesirable data highjacking ad networks are using to sidestep our ineffective regulators
Big Brother doesn't need you.
This might be one of those "If you're not British you'd never understand." sort of things, but I doubt it.
I herewith give my permission, therefore, to the British Isles, and anyone who has ever heard of the British Isles, to tell (we) Americans we are full of shit the next time you hear us say "If you're not American you'd never understand". I think I'm being fair, here.
The sad fact is that Big Brother doesn't need you ... except for elections. The only time the Government needs you to identify the miserable little backwater you call home is when you vote. Consequently, the only information they may disclose (in the US, at least), is a location so heavily filtered by civil structure that the dangerous stuff is pushed back past the 15th Decimal place. Since Big Brother doesn't need you, it works for them (and has for several thousand years).
GPS changes this, or so it seems. In fact, it does not change anything at all - except to make everyone Out-Law, which is the only reasonable description for a location system too exact, too zoomed in, to determine a legal jurisdiction except at the Country (Big Brother) level, maybe, it's a matter of pattern recognition, not science. In wartime, they are pretty handy gadgets, true, but in peacetime Big Brother does not need that specificity (notice I didn't say accuracy) and you don't need that specificity, even if it gives you some minor Out-Law thrills and the opportunity to spout nonsense about privacy being dead.
Big Brother's Laws should reflect a simple principle: Anything more dear than a polling place should be off limits. Of course the howls from the Private Sector - the sellers, will be deafening. That is to be expected because finding new customers is hard work and the Tech Industry is way out of practice.