Posts by Derichleau

Cheggers Plays Doc

How about Keith Chegwin as the Doc and Maggie Philbin as his sidekick.

We need this in the UK

I've started a petition for the UK to achieve something similar. Basically, if a company wants to specifically target UK consumers (and UK data subjects) by operating a .co.uk website, then they should be a UK-based data controller.

It'll never work

The overwhelming majority of YouTube readers visit their site for something to do. As soon as they start charging those people will just find somewhere else to go.

Long overdue

This is long overdue. Let's face it, if UK companies actually understood the Regulation 22 rules then I am of the opinion that it's a pretty fair system. Unfortunately many don't. Regulation 22 states that a company can opt you in to marketing by default - so that the individual has to perform some kind of action to opt-out, only if they are collecting the information when making a sale or when someone is enquiring about a sale - obtaining a quote for example. In other words, if there's no possibility that submitting the form will result in a sale, such as a generic contract form, then you should be opted out by default. But if a company had a contact form that was specifically for contacting their sales department then that could be opted in by default.

In a recent example I switched my electric provider to M&S, and the service is provided by SSE. As part of the account I was advised to create an online account with SSE, and in doing so they had opted me in to marketing by default on the registration form. But I purchased the electric from M&S and I purchased it before Christmas. So I've already done the deal and signed-up to the service so SSE should have me opted out by default - because I'm not registering with them to enquire about or make a sale; I'm registering with them to manage my account. As such, the Regulation 22 rules are not satisfied.

So I'll be contacting SSE this week to remind them: www.mindmydata.co.uk

Block withheld numbers

If Ofcom introduced legislation to make it free to opt-out of calls where the caller has withheld their number, then perhaps more people would take up this option. Then they should introduce legislation that makes it easy for an individual to take legal action against these companies, especially if you're registered with the TPS.

I got an out of court settlement when Littlewoods kept phoning me despite the fact that I had told them that they had the wrong number:

http://www.theregister.co.uk/2007/05/14/phone_spam/

Barns & Noble are not a UK retailer

Although Barnes & Noble may have retail outlets in the UK the UltraViolet website is operated by a US data controller. If you want to hand your personal data to yet another overseas company and forgo the statutory rights afforded you as a UK data subject then by all means register.

I think it's important to distinguish between a UK retailer that operates under UK laws and has a legal obligation to uphold the statutory rights of it's UK data subjects, and those that don't.

While they're at it...

It might be a good idea too to bring in legislation to ensure that only UK-based data controllers can operate a .co.uk website. At the moment we have a situation where Amazon are asking their Kindle Fire customers to pay £10 to opt-out of of direct marketing being served to their new Kindle. But as UK data subjects we all have a statutory right to opt-out of direct marketing with a company under section 11 of the DPA98. How does Amazon get around this? They operate the Amazon.co.uk website with a European-based data controller rather than a UK-based one and thus deny us of our rights.

If they specifically wish to sell to UK consumers then Amazon should honour our data protection rights in my opinion and appoint a UK-based data controller.

Where's the UK equivalent to Amazon?

If a company like Argos was actually able to compete with Amazon I would much rather do business with a UK based company that pays UK tax and complies with UK data protection laws. Amazon.co.uk's data controller is based in Europe so as soon as you start using their services your rights as a UK citizen are not being upheld.

The law should be changed so that any company operating a .co.uk website should be based in the UK, pay the proper tax and comply with our laws.

You can stop all advertising from a UK-based data controller

The Information Commissioner is of the opinion that all advertising - even generic advertising - appearing within a logged-in website is likely to be directed at an individual and therefore constitutes direct marketing. As such, if you're unhappy with advertising appearing within the logged-in pages of a UK-based website then you can send them a section 11 request to stop. If they fail to remove the adverts then submit a complaint to the ICO. http://www.mindmydata.co.uk/

Acronis vague about data controller question

I was interested in their online back-up but when I looked at their privacy policy on their .co.uk website, they didn't actually state who the data controller was. I contacted Acronis last Sunday to ask them who the data controller was for UK services - expecting to receive a fairly quick response, but they replied asking for more information so that they could forward my request to a salesman.

Acronis want me to pay for their service and have my data stored on their servers but who is responsible for that data and under want laws will that data be stored? This should not be a difficult question to answer.

I'm still waiting for an answer.

Amazon show contempt for our rights as UK data subjects

As UK data subjects we are all entitled to opt-out of all direct marketing from a UK-based company. Amazon operates a .co.uk website and as such, one might think that they comply with UK data protection laws but they don't; the data controller for Amazon.co.uk is based in Europe, not the UK. As such, we as UK data subjects forgo our right under section 11 of the DPA98 to opt-out of the direct marketing that Amazon insist on displaying on their new Kindle. For that reason, I'll be sticking with my basic Kindle.

I kicked these jokers into touch a long time ago

They sent me a promotional e-mail quite a few years after I'd place my last order with them. I wasn't happy that they were still processing my data many years later so I submitted a section 11 DPA98 request and made it clear that I would seek a court order if they continued to send me direct marketing. I won't be doing business with them again.

How about restricting it to registered UK data controllers

If they restricted the sale of .uk domains to registered UK data controllers only, then the user will be confident that the rights afforded them by the DPA98 will apply when doing business with a .uk website. For example, Amazon.co.uk has a European data controller, not a UK one. As such, we as UK data subjects lose a lot of the rights granted to us by the DPA when registering with Amazon.co.uk; including the right not to receive marketing. This is why Amazon's new Kindle Fire comes with advertising by default; because the data controller is based in Europe so we don't have the same rights. If Amazon.co.uk had a UK data controller then you could easily opt out of all advertising from Amazon or take them to court if they refused.

www.mindmydata.co.uk

It's not just bad practice that Tesco are guilty of in my opinion. Tesco's Clubcard is likely to be incompatible with our statutory rights as data subjects because they are unable to separate the marketing from card; if you want a Clubcard then you must have the associated marketing. But section 11 of the DPA98 entitles data subjects to opt-out of ALL direct marketing from an organisation. However , when I asked Tesco to comply with my section 11 request they informed me that they would have to cancel my account. So I can't have an account unless I have the marketing which means that Tesco must have civil law terms - either actual or implied, that are incompatible with my statutory rights. The ICO are investigating.

The best thing you can do with this company

If, like me, you're a former customer and want nothing else to do with Talk Talk, send them a section 11 notice and ask them to cease processing your information to send you direct marketing: www.mindmydata.co.uk

If you're an existing customer watch out for special offers as my dad subscribed to a 12 month special offer at half price but it only lasted six months; then they put the price up. I got involved as my dad is in his 80s, and after getting nowhere with their Indian customer services, I contacted their head office and got them to sort it out. Apparently the person who processed the 12 month discount only did it for 6 months and failed to keep a reminder that he needed to put the other six months through. But why didn't he do it for 12 months in the first place and why, after their customer service people kept my dad talking for nearly an hour, did they not discover the error? Why did it take an investigation from head office? I was going to report them to Ofcom but my dad didn't want to get involved.

The other thing to watch out for too... if you contact Talk Talk and ask them to make a change to your account, this will require you to automatically renew your contract with them and they don't necessarily make you aware of this. That's what head office told me.

I'll never do business with Talk Talk again. I switched to Plusnet last year and haven't look back - good speeds no disconnections and excellent UK-based customer service. It's more expensive but it's worth it.

Get a good mailwasher

I been using Mailwasher Pro for many years which allows me to preview my e-mails on the mail-server before I download them. Any that I don't recognise can be deleted on the server and I never have to download it to my computer. If it's spam I have filters that automatically delete the e-mail and make me aware that the e-mail has been deleted, or that automatically delete the mail without me even knowing. Great for deleting spam based on keywords.

Of the 12,985 complaints they've accounted for 35% of them... what about the rest? I suspect that the majority of the unexplained 65% is made up of direct marketing complaints and the reason why the ICO hasn't mentioned anything about these is because they don't take action over direct marketing complaints.

It's one thing patting themselves on the back but prosecuting government organisations is easy as they have to comply so they can't fight back. How many commercial organisations have the ICO prosecuted?

What's the ICO doing about this?

In the UK, section 11 of the DPA98 entitles us to opt out of all direct marketing from a company by submitting a request for that company to cease processing our data for the purpose of advertising, marketing and public relations. In which case, you could simply submit a section 11 request to Microsoft and they would have to remove the adverts or fact prosecution. But will Microsoft comply with such a request bearing in mind that they're a US-based company.

This is yet another example of our rights as UK data subjects being ignored by non-UK based companies that couldn't give a toss about the DPA98. Twitter, LinkedIn, Skype, Facebook... they all ignore our statutory rights.

The ICO and the government should be doing more to enforce our rights.

Picking on government agencies again

This is yet another example of how the ICO focuses its resources chasing after government agencies. Contrast this with commercial organisations and the ICO don't want to know. The ICO's record of dealing with commercial organisations is appalling. They can't even carry out an audit against a company without first obtaining permission from the company to do so. And they send out mixed messages all the time. For example, I know for a fact that the ICO will not prosecute for a contravention of the PECR2003. Nor will they prosecute for failing to comply with a section 11 DPA98 request. Yet apparently they're going to kick-ass over tracking cookies? How do they explain the inconsistency?

It's easy to make things awkward for Amazon

All you need to do is send Amazon a Section 11 DPA98 request to cease processing your personal data for the purpose of direct marketing and they have to stop all forms of marketing to you or face prosecution by the Information Commissioner's Office.

This includes marketing by post, phone, e-mail, fax, text, and targeted advertising. More importantly, it also includes generic marketing banners that appear within your logged in account pages.

It won't remove all advertising... for example, advertising banners that appear when you are logged in via a cookie are unlikely to be directed at you personally. But once you proceed to the check-out and verify your credentials, then every page you view until you are logged out is being directed at you personally. The Information Commissioner's Office has clarified this.

Amazon would probably just cancel your account though to avoid having to comply. And apparently the ICO wouldn't have a problem with that.

Don't believe the hype

The ICO's claim that they're going to start issuing fines is a joke! They don't take any action under the Privacy and Electronic Communications Regulations 2003, they won't take action against a company for contravening section 11 of the DPA 98 but now they're going to start issues fines for non-compliance of cookie law. If so then it's a travesty!

If they're going to take action at all then they should be prosecuting companies for failing to comply with a section 11 request because this is a for more serious matter. If an individual submits a section 11 request to a particular company then it stops all marketing; including cookie-based targeted adverts

I've submitted two complaints about my bank failing to comply with my section 11 request the ICO have told me that prosecution for this kind of contravention is something they don't want to pursue. But what...they're now going to take action over friggin' cookies?

Please explain the double standards ICO.

www.mindmydata.co.uk

Fasthosts have been going downhill

I've been a Fasthosts customer on and off for over 12 years... I remember the days when there was no support at the weekend so my site would go down on a Saturday morning and I'd have to wait until Monday for them to fix the problem.

They're okay I guess. My main issue with them is that they are one of the more expensive hosting companies but I don't mind paying if the support is there. Recently though, I've noticed that they tend to inform me that they "monitoring the situation" which basically means that if they leave it for a bit the problem will probably resolve itself. As a typical example, they had an issue with the SQL server recently and it was causing my site to be unavailable for long periods. They said that they were monitoring the situation but when I tried to get logged in during my lunch hour at work, my site was down. It was still down 45 minutes later so clearly, they were not monitoring the situation otherwise they would have done something to get it back up.

When you think about how much their costs will have reduced over the years... to continue to charge what they do they either need to be offering a lot more ore providing a first class support. They do neither very well in my opinion but it could be worse.

It's easy to make it stop

According to the Information Commissioner's Office, all advertising - whether the data controller meant to target the data subject for this purpose or not, appearing within the logged in account pages of a data subject constitues direct marketing. This is because the data subject's personal data must be processed as a security check before each and every account page is served to their browser. And of course, if personal data is processed to deliver generic marketing then that generic marketing constitues direct marketing - because it is being delivered to a data subject.

Submit a section 11 request to make the online advertising banners stop.

www.mindmydata.co.uk

What about UK data protection rights

In the UK we have a right to opt-out of direct marketing - including online marketing that is targeted at an individual (Part II, section 11 DPA98). Are generations of UK data subjects going to forfeit this right just because Facebook in a US company. Why isn't Europe and the UK Government protecting our rights?

What about commercial organisations?

When is the Information Commissioner going to start handing out fines to companies? The other month The Register reported on how the ICO were asking companies to volunteer for audits: http://www.theregister.co.uk/2011/07/07/ico_annual_report/

The thing is, most of those companies volunteering are likely to be keen on full compliance anyway so it's unlikely that there are going to be any major issues - you can bet that criminal organisations will not be volunteering. A far better strategy would be to audit those companies that people submit complaints about.

I've reported 30+ abuses of my personal data to the ICO over the years and none of them were ever audited. There are so many examples: Most employment agencies need to be registered data controllers and many are committing a criminal offence by failing to notify. Why don't they audit employment agencies? Another example: The majority of financial services companies use civil law to automatically opt the data subject in to marketing. But these terms are often worthless because an organisation has to obtain consent prior to targeting a data subject with marketing and this statutory obligation cannot be negated with civil law. Nor can consent be obtained by using civil law. So why isn't the ICO auditing financial organisations? Better still, why aren't they working with the FSA to ensure that the banking code requires financial services companies to comply fully with data protection laws and regulations, bearing in mind that this sector is one of the worst offenders when it comes to the abuse of data subjects' rights. Another example: Some companies are opting to cancel accounts to avoid having to comply with the rights of the data subject. Why isn't the ICO ensuring that these companies are operating compliant systems and processes because if they were, then they wouldn't have to cancel accounts.

It's disgraceful!

Another easy kill for the ICO

Yet another example of how the ICO comes down hard on government agencies. The NHS can't fight back as they must comply with the DPA98. What about the tens of thousands of commercial organisations that incessantly abuse data protection laws... when is the ICO going to start getting tough on them? The fact is, if you're processing personal data and you've not notified the ICO, and you're not exempt from notification, then you're committing a criminal offence. What's the ICO doing about these criminals? NOTHING!

I want to see similar fines handed out to commercial organisations the break the law. It's time the Information Commissioner grew a pair.

Can't wait!

I have a list of companies that I'm going to check on the 25th May to ensure that they've implemented the change. If not, I'm going to submit a complaint to the ICO just to see what, if anything, they're prepared to do.

In my experience the ICO is extremely reluctant to prosecute companies. They will not prosecute a company for failure to comply with the PECR2003, and they will not prosecute companies for failure to comply with Section 11 of the DPA98. So I want to see if they're going to prosecute companies for failure to comply with the cookie legislation and if so, why the duplicity? Why enforce one section of the Act but not another?

I'm booking the day off work and if you're listed on my website I'll be checking out your site.

Webmaster www.mindmydata.co.uk

They always go for the easy option

As I've posted on a number of other articles... the ICO bullies government funded organisations - handing out fines here and there, because it's an easy win for them. But when it comes to the private sector, they shy away from taking any action because they don't want to be exposed by the companies lawyers and perhaps not having a full grasp of the law.

As an example, in a recent response from the ICO their policy department told me that a company has a right to send me direct marketing because they need to earn revenue from the advertising and I accepted their terms. But after seeking clarification, they admitted that a) how a company earns its revenue is not the concern of the ICO, and b) a company cannot use civil law to deny me of a statutory right - and I have a statutory right under section 11 of the DPA98 not to receive direct marketing from an organistion. After this embarrassing reversal they refused to discuss the matter further with me so now I have had to escalate the matter to a Parliamentary Ombudsman.

This kind of inconsistancy is rife at the ICO and I believe that they opt to pick on government agencies to avoid having to deal with lawyers representing companies. Can you imagine how embarrassing it would have been had the ICO told the solicitors of a large organisation that they have a right to earn revenue by advertising to data subjects when they actually have no right whatsoever? And this actually came from the ICO's policy team?

webmaster@mindmydata.co.uk

Make sure you use a credit card

If you're going to buy from this company make sure that you use a credit card. By doing so you make the credit card company jointly liable under the Sale of Goods Act 1979. If your product develops a fault after the company has disolved, you can likely claim against your credit card company.

The ICO going for the easy win again

Yet again, we see further examples of how the ICO will take action against governement agencies - because it's an easy win for them. However, ask them to take action against a company that has the resources to argue their case in court, and they don't want to know. The ICO operates a double standard.

Latest update.... they're still toothless!

I can confirm that the ICO is still toothless. My bank has now failed twice to comply with my section 11 request to cease processing my personal data for diect marketing purposes but they have refused to take action. After the first failure to comply the ICO wrote to my bank and told them what they needed to do to comply but they've simply ignore them.

The reason why data protection in this country is so bad is because the ICO focuses on easy wins. If it's a government organisation they're all over them because they know that they will have to comply, but if they actually have to argue the law with a bank's lawyers then they go weak at the knees.

Failure to comply with a section 11 notice twice and they're still refusing to take action. Someone somewhere is giving a misleading account of the ICO.

webmaster www.mindmydata.co.uk

It's not just the TVs though

What about their hard drive recorders with the advertising on the EPG? There has been a torrent of negative comments made about the advertising that displays whenever one views the TV guide, and it put me off buying one. I opted fur the Humax instead.