Hiding behind parliamentary privilege
Presumably this only applies to parliamentary proceedings themselves, and even then only to the MPs taking part in said proceedings?
850 posts • joined 3 Dec 2012
This is going to be a bit long-winded so bear with me, but in essence whether the data is public or not would appear to be irrelevant (as always IANAL).
The second data protection principle states that:
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
Since it's public we can assume only (a) will apply here (personal data doesn't stop being personal data just by being published). Now on to schedule 2 of the DPA, which states:
1 The data subject has given his consent to the processing.
2 The processing is necessary—
(a) for the performance of a contract to which the data subject is a party, or
(b) for the taking of steps at the request of the data subject with a view to entering into a contract.
3 The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.
4 The processing is necessary in order to protect the vital interests of the data subject.
5 The processing is necessary—
(a) for the administration of justice,
[F1(aa) for the exercise of any functions of either House of Parliament,]
(b) for the exercise of any functions conferred on any person by or under any enactment,
(c) for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or
(d) for the exercise of any other functions of a public nature exercised in the public interest by any person.
None of which appears to apply to what the Labour party have been doing (unless they truly think that anything is acceptable in the name of politics, and that public interest is the same as party political interest - or that they're confusing 'data subject' with themselves when it comes to 'vital interests'). And of course given previous behaviour by the likes of the Labour party in other cases I would also ask whether adherence to the 7th and 8th principles has been observed in this case.
If you were a member of their "club" then I don't think they have to stop unless you cancel your membership.
Not quite true. Merely being a member doesn't give them consent to do whatever they want, and consent can't be implied by merely being a member. In fact I seem to recall the ICO explicitly saying that you can't link consent to a service or membership of an organisation.
And with regards to the current mess within the Labour party, these aren't even fully fledged members we're talking about - they're 'registered supporters'.
Given the number of people that happen to have the same name, how do they even know that the social media accounts actually belong to those trying to join the Labour party?
(and that ignores the possibility of fake accounts too - there seem to be plenty of those)
This lack of regard towards privacy and rights is common practice in the Labour party it seems, with many of them behaving as if rules apply to everybody except themselves.
God forbid that the ICO actually do something about how the political parties - not just Labour - handle personal details.
...We take our responsibilities under data protection very seriously...
One guess as to who was in power when the home office was asking whether a certain company was 'comforted' by the advice they were handing out regarding an illegal trial of their system across the entire country.
It certainly wasn't the Tories.
'very seriously'... complete and utter bollocks...
And the bloat added by operators themselves? Presumably Vodafone plays these sorts of games too, so will they be doing anything about that?
Interesting that when they ask me why I'm cancelling, the form has a set of radio buttons with one for each reason but there isn't a choice for 'unacceptable terms and conditions' or anything remotely close to that. I had to choose 'other'.
This just gets better and better...
'We also share some data with our partners who help us with marketing and advertising efforts, but this information is de-identified – your personal information is not shared with them.'
de-identified != anonymised?
Is this really the big concession it's been made out to be?
And I pay for my subscription, so what the hell are they doing sharing my details with advertisers - 'de-identified' or not?
Interesting that they expect people to pay for the service *and* still have their information shared with advertisers.
At least with the likes of Facebook they're getting all of their funding from the advertisers so their need is easier to justify. Why should I be paying for this if I still get shafted in that way?
When I turned down the new policy, the message told me I could only use the service for up to 30 days before either agreeing or cancelling my account.
In other news regarding servers and jurisdiction...
Microsoft & Google. Now what could possibly go wrong with that one?
You could always let them know how you feel about it.
I'll start caring about the damage done to Shapps when he's thrown out of his party for his other activities. Even if the allegations weren't true in this case he's hardly whiter-than-white after all.
Can we file an FoIA request on Shapps and his activities as Michael Green? (what's good for the goose and all that)
It would be even better if they could do something about the length limit in public tweets.
I wouldn't expect it to ever be much higher, but there have been plenty of occasions where trying to make a reasonably clear and concise point is impossible to do within that limit (at least without resorting to the sorts of abbreviations and shorthand that make my skin crawl).
It's not just FoI that's the problem here. There seems to be a lack of regulation & oversight, even by government never mind the general public.
Who oversees the IWF? What rules do they have to abide by? What consequences do they face when they publish erroneous entries on their list? (without any such consequences you can bet there's no incentive to stop making those mistakes)
This is the sort of thing I'm talking about: it looks like there has been zero consideration put into what should happen when mistakes happen.
And they will happen - that much is inevitable.
serious nature of what is being sought and discovered then the bar will be set higher and the follow up action be more robust.
Governments & charities are more worried about missing cases than they are creating problems for innocent people or potentially destroying their lives. If you want evidence of that then look on the other side of the pond and their approach to 'no fly' lists.
The article info-graphic also mentions PhotoDNA hashes "to identify images even if the image has been altered".
Which in turn suggests the possibility of false positives.
For that matter who gets to oversee the work of the IWF?
then the very nature of the work means that the image would need to be looked at by a live operator who is quite capable of telling the difference between a tourist picture of the Colosseum and an image depicting child abuse.
What do Microsoft or Google do between receiving the hash & finding a page with images that match and then getting around to examining them? Just de-list whatever page is hosting them?
You'd have hoped so, however some companies love automated processes. It saves them money.
Avoid using mechanisms that have proven weaknesses for one thing.
And have some well established way of dealing with errors that doesn't leave webmasters at the mercy of such systems with no way of appealing mistakes (as appears to have happened with internet filtering).
I'm not objecting to this happening, I just object to this continual lack of consideration of what should happen when things go wrong (as they inevitably do eventually). Nobody ever seems to face any consequences and as a result the same sorts of mistakes are made again and again.
Isn't MD5 subject to certain issues? The term 'collision attack' comes to mind where two values can produce the same hash. Presumably this sort of weakness means that it's possible for innocent images to be caught up in the dragnet.
And as for anything to do with capabilities provided by 3rd parties, will those 3rd parties be accepting responsibility for any false positives or negatives found as a result of using their systems? Will those using said systems face any consequences if/when problems occur?
Or (as I would personally expect) will everybody get off scot-free, and all because it's 'for the children'?
“Current penalties for serious data breaches do not deter individuals who are seriously considering breaking the law,”
Employees of a data controller can't normally contravene the DPA unless it's a section 55 offense related to illegally obtaining personal info.
Who should be charged and on what legal basis should they be dragged into court?
1) Visit one of Samsung's high street stores. Get one of their sales staff to use their internal contacts.
That assumes they'll want to help. If it's anything like the 3 or other phone stores I've visited in the past, then they'll do their level best to avoid doing anything that doesn't involve selling you something.
2) Carphone Warehouse.
After the hack? Really? When they won't even tell people how far back the compromised data goes or accept that relying on stored email addresses to contact people isn't enough when they might have changed?
I asked Samsung whether it was normal practice to ignore customer complaints. Their only response - understandable I suppose - was to ask if I had a reference number. (I suppose they assumed I was the one that had made the complaint).
I'd suggest sending email to the CEO (possibly using a temporary hotmail account set up for that in order to avoid any spam listing). But then this is just suggesting the obvious...
The only other thing I have to add is that providers seem to be abandoning their phones more quickly these days. Even a number of years ago this was happening with other companies like HTC and their HTC Desire model - after about a year it wasn't being supported any more. From Samsung's point of view the Note 3 is no longer the flagship phone - the Note 4 has taken that place.
Not that any of that excuses the responses of them that could easily be considered rude, but it might explain things at least since they appear to no longer consider it a handset worth supporting (at least if the responses you received are anything to go by).
In any case it might be worth avoiding them in future, especially since there are already rumours that the S7 might be released earlier than originally planned - this sort of planned obsolescence is only going to get worse for them if they increase the rate at which they release them.
Come to think of it: if it's a Note 3 then presumably it was bought within the last 2 years? Legally all such items bought within the EU have to have at least a 2 year warranty period (again IANAL). It might be worth threatening them with reporting them to Trading Standards since they would appear to have an obligation to either fix or replace it.
I would have felt less offended about it all if they'd even offered a loan handset, for the time it was to be away, but they didn't.
IIRC there's a plugin for Skype called Pamela that allows you to record the call.
One possible reaction would be to use it. Give them one last chance by calling them. Record said call, give them a liberal amount of rope to hang themselves with and if - as will probably happen - you don't get what you want you can include the entire conversation with them as an attachment in the email to the CEO (plus you can also use it to publicly shame them on Twitter if you're so inclined).
Of course doing that without telling them that the call has been recorded might be legally dubious. IANAL, so be careful.
I mean, that must be the easiest and most common repair ever, surely?
Not necessarily. If memory serves shortages in screens have been an issue over recent years, so it would only be an easy repair in the sense that it would be in the terms of the process of swapping the broken one with the new one, not the process of obtaining the new one in the first place.
Then surely it's their responsibility to replace it with a similar device - i.e. a Note 4?
(If you manage to put off any replacement for a few weeks you might even manage to get a Note 5 since it's due out soon)
As for the CEO's email address:
What gets me is that providers are continually allowing themselves off the hook with the excuse 'not our fault guv' (much as ISPs do with the internet filtering whenever anything goes tits up there too).
Enough of that bullshit. The service providers *chose* to use these lists, and they should be made to answer for any mistakes that result from that choice.
Perhaps if that happened they would be putting more awkward questions to the list providers before using their products and these frequent 'false positives' - which in turn suggest sloppiness on the part of those providing the lists - might happen less frequently.
After what happened with Bradley (Chelsea?) Manning & especially Snowden why on earth did he have the opportunity to burn sensitive material to a CD in the first place?
It's interesting to see how the authorities never want us to think about how they managed to cock things up too.
Great: now I've got a certain Blackadder episode stuck in my head, since even within the same language there can be problems (even more so when people want it).
My most enthusiastic contrafribularities for having made such an excellent suggestion by the way. I hope I didn't confuse there - I'd be anispeptic, frasmotic, even compunctuous to have caused you such pericombobulation. :)
The complaint has already been sent, although I have yet to receive any confirmation.
Another thought: how can any data protection regime be run acceptably when it involves shifting responsibility from one country to another? How many languages are there in the EU, and how viable is it to have a system where those making the complaints might well not be understood by those receiving them?
Yep. And because my main email address is different to any of the aliases used for the accounts their only question boiled down to 'give us your email address first', which suggests to me that they just want to specifically stop sending me the spam rather than stop sending any spam in the first place. No explanation of this apparent abuse of the soft opt-in rule.
Well if more people refused to use them, as I have done ever since the "one-click" patent stupidity, they wouldn't be in a position to conduct themselves in such a way.
Another thought: some of the addresses being spammed are those associated with my Audible & Lovefilm accounts. Both of which have since been bought out by Amazon (and in the case of Lovefilm since renamed).
You can try and avoid them but even then they can still end up with your details...
It might also be worth noting that all other emails I get from Amazon are clearly linked to my usage of their services given the contents of said emails.
I would be happy with those links because unless Amazon itself has been hacked then the chances of other people randomly guessing what I've been looking for is sufficiently low to not worry about it.
But if you DO purchase from them, I don't see why, on a technical level, you would be reluctant to click through a link in an email that originated from them.
Because we can't be absolutely certain the link is valid or that the email is in fact from them (although they don't seem to have disputed it so far). Remember that such emails are unsolicited.
That would be option 'b'.
Personally speaking I would see no reason why I should have to unsubscribe from lists that were never subscribed to in the first place. If I see emails I don't expect to see then the last thing I will be doing is clicking on any links.
Amazon of all people should not be encouraging the wrong sort of behaviour.
The ICO's reaction to it is a little worrying too.
PECR != DPA, and their attempt at confusing the two is not exactly very comforting.
...and ICO says it's powerless to intervene.
As others have noted elsewhere, it's an interesting leap from PECR to the DPA, and may not properly address the question of territorial jurisdiction.
many arguing that it protects minority language European films from Hollywood competition
How does turning away people wanting to hand over money protect smaller companies from Hollywood?
It's not just within the EU that geo-blocking is an issue either. Personally I'd still like an explanation as to why British programs like Midsomer Murders & Poirot amongst others are available in the US on Netflix but not the UK. In some cases BBC programs also ended up available in the US first too.
which implies that rate hasn't changed
Not necessarily. It could just indicate they think the number of child abuse cases is too high even now even though there might be a downward trend (obviously in this context anything more than zero is too much). A way perhaps of emphasising there is more to do.
Playing the part of the pedant for a moment... from the NSPCC page:
Sex offenders are still being convicted at the rate of 2 a day for possessing child abuse images 2 years after the Prime Minister urged industries to ‘obliterate’ them.
Nothing in that suggests that their study covers the entire 2 year period.
'a rate of 2 a day' could still hold true if the length of the snapshot was 50 days. They never say that their sample covers the entire 2 year period, just what the current rate is during the period of their study, which happens to have been conducted two years after Cameron's statement.
As to whether the filter he came up with had anything to do with it - I still think that's bullshit.
Personally I'd expect to see this level of inaccuracy within the headline in the Daily Mail or Express. Not here of all places...
Given how many clinics now refuse to take new patients because of lack of resources, I find it difficult to believe that anything gleaned from this could in any way justify either the cost of asking for & processing the required data or any invasion of privacy that results from it.
...or maybe it's just so they can remind the patient when they've been identified as a regular user that the visit is 'funded by the UK tax payer'. Much like they seek to do with medication costing more than £20. They want to instill as much guilt in people as possible when they use the NHS that they never go anywhere near it.
It's getting to the point where if I went into hospital I wouldn't be surprised if I was fed alphabetti spaghetti and the words 'just die already' end up appearing multiple times in my bowl. Just by chance of course...
The response to the following FoI request doesn't give me much confidence that they have any sort of clue as to what they're doing - they're going ahead with a scheme without even knowing the benefits, and they probably aren't acting with any more precision or clarity when it comes to appointments either.
I would have thought if this had gone through that it would have forced GP practices to abandon EMIS. There would be no other way to comply with the 7th data protection principle otherwise (that steps are taken to adequately protect data). In addition I wonder if EMIS would have committed a criminal act had they complied?
A new flaw?
Time for a new fine perhaps?
Not sure what's with the downvotes, but consider this:
- Anything remotely private or otherwise considered outside the scope for publication has to be redacted from anything released to the public (probably not the case with other legal requirements mentioned elsewhere in this thread since presumably the information is being provided to the government rather than the general public)
- Such redaction probably has to be done by hand, since it's difficult to believe that automated systems could be trusted to do the job with sufficient accuracy.
- More emails to trawl through means more work. This is unavoidable and the cost of the storage will not change that.
Storing emails for longer means that it will actually be easier to hide information, not more difficult, since it will make it far easier for government departments to use s.12 of the act (excessive cost) to deny access. That greater ease in denying access IMO strongly suggests that avoiding the impact of FoIA is not the aim here.
If it was then they would have an interest in keeping things as long as is humanly possible to make any trawl of the information too expensive.