The sensitivity of personal information should be determined by the reasons behind why the information is to be processed, the UK's data protection watchdog has said. The Information Commissioner's Office (ICO) outlined its view in a new paper in which it analysed the European Commission's proposed new EU Data Protection …
explicit, freely given, specific and informed consent
patient: I don't want my records 'anonymised' and uploaded to the GPES for use by 'the NHS and other approved organisations'
doc: Find another doctor then.
freely given consent? not so much.
see http://www.ic.nhs.uk/article/2245/GPES-benefits for more
Actually, that also fails the fair test: coercion is also not permitted (I think it's principle 2 of the UK interpretation of the Data Protection directives) if you have any evidence that the data is not anonymised. However, if it IS anonymised (and for that there should be evidence or a rapport or something - it's otherwise too easy a getout) I think your chances of preventing it are slim.
Sensitive by default
"We believe that the wording should be narrower than [proposed] so that the processing would only be caught if its purpose was to reveal, analyse etc. a person’s ethnic origin, race and the like,"
I can see that the ICO is trying to be practical here, but it is surely wrong with this approach.
The whole point of protecting sensitive data is to ensure that it does not end up in the wrong hands (ie the hands of the uncivilised/criminal etc. who would abuse it). It matters little, then, what the intended purpose of the processing is.
We would be better served if the ICO focused its energies on making it clear to the Data Controllers that their lives would be a lot easier if they put some thought and development effort into ensuring that they collected the minimum amount of information necessary and partitioned it appropriately.
Re: Sensitive by default
@JustaJKOS "to ensure that it does not end up in the wrong hands"
Nope, you've missed the point.
Classifying "Sensitive" data is about WHO should have it and process it, not about how it is kept secure. Classifying data as Personally Identifiable Information (PII) is about HOW it should be stored. Sensitive is a subset of PII.
Name, Address, DOB and sexual orientation are items of PII data, but not all record holders need to process all those items, and each must justify WHY they need to hold it. El Reg profiles shouldn't need to have your sexual orientation, but it might be considered important on a dating website. BOTH need to ensure ALL the PII is held securely. To oversimplify, the theory of "Sensitive" is that it's the stuff you could be blackmailed or discriminated over ("we don't want Union Activists working here").
Totally agree with your last paragraph - too many people don't take PII seriously.
How 'sensitive'? Not very.
It seems to me that the IT industry will always be utterly, incompetently, and completely incapable of implementing these subtle rules.
The only realistic way ahead is to "get down with the kids". We have to start accepting that we won't have private information, except that which we keep in a diary, maybe. Once the psychological hurdle is jumped, it's easy. All the Information Commissioners, lawyers and "security specialists" [haha] lose their jobs. So what?
Re: How 'sensitive'? Not very.
Much better if society can be persuaded to mount an "immune response" BEFORE the next outbreak of ethnic cleansing, rather than after.
A lesson from history. In the late 19th century the unified state of Germany was formed to great public acclaim. Its new citizens queued up to obtain their papers. The form they filled in was quite simple. One of the questions was "Religion" to which many happily replied "Jewish". After all, this new state had for the first time granted them constitutional protection against harassment and discrimination.
Scroll forwards to the late 1930s and their parents' replies stored in dusty filing cabinets doomed not just the parents, but children and grandchildren not even born at the time.
For far too long councils and other quasi-governmental bodies have been recording our racial details for no good reason. What business is it of theirs whether someone applying for planning permission or a parking permit is black, white or green?
Anyway, perhaps now we can request all the data that they hold about us and the reason for keeping it, point out that it was obtained coercively and that we do not consent to them storing or processing it.
Personally, I always tick the "Other" box and write "Human". It's only been rejected once.
I just say "prefer not to say". It's meaningless anyway, since it's all about "self identification".
I have never understood the logic that putting your race on an application form is a good way to prevent racism. Surely a better way is to NOT put your race, so any weeding out is done on merit. It's also totally contradicting the logic which says you eliminate ageism by removing the date of birth ...
Using monitoring and quotas is simply ignoring dealing with the real issue - which is why certain sections of society seem incapable of doing well.
And now the fun bit: implementation
A number of very large providers are already operating on the wrong side of the EU Data Protection directives - how is this going to be handled? A few months' grace period in which they are required to clean house by, for instance, EXPLICITLY asking their users for permission?
I'd be interested to know, because there are a couple of cases sort of hanging in mid air right now..
"The sensitivity of personal information should be determined by the reasons behind why the information is to be processed, the UK's data protection watchdog has said."
Bollocks. The sensitivity of the personal information should be determined by whom the information concerns, and no-one else, period.
If access control is locked into the classification of a record, it should be fairly simple to spot attempted abuse at source. Unfortunately, our political masters have chosen to redefine access control as them having access to all our data in order to better control any sudden outbursts of common sense.
The ICO. Spineless or thoughtful?
I'll note that the stated purpose for which the information is collected could change after collection.
Would those organisations re-contact people in order to ask for their permission again?
I think not.
Let me suggest there are clusters of uses for data.
You as an individual. You as an employee of a company or part of a group.
The former are difficult to change, the latter easier.
But at heart it's not their data.
Collecting Race Sexual preference data?
My wife was arrested in the old Apartheid era South Africa for opposing the government collecting that sort of information.
There is no justifiable reason to collect this data. It is wrong, it is intrusive, and as sure as night follows day it will be used to persecute targeted groups, maybe not today or tomorrow but at some time in the not too distant future.