'One size fits all' EU data law would undermine rights, says Clarke New European data protection law proposals risk compromising freedoms and security, UK Justice Secretary Ken Clarke has said. He said that he opposed a 'one size fits all' approach to European data protection law. "A preoccupation with imposing a single, inflexible, codified data protection regime on the whole of the European …
Beat me to it, does sound just like the last lot.
But if he thinks the current setup works then he's in cloud cuckoo land. In practical terms, businesses can tell any sort of lies about you (like you're a bad debtor) and the credit reference agencies will refuse point blank to place a notice of correction against the false lies. This isn't conjecture, been there and had the fallout - like being refused a mortgage because of it.
What happens if you ask to place a notice of correction is that they'll ask the company concerned. Of course, that company isn't going to say "but of course, we were lying all the time" - they'll just repeat the false statement and the reference agency will turn round and refuse to post the "defamatory" statement.
Defamatory ? Apparently, it's not defamatory for a business to falsely accuse you of being a bad debtor, but it is defamatory for the accused to state that in their opinion the alleged bad debt was due to billing errors which the company refused to correct.
Of course recourse to the law is not available to those who aren't a) exceedingly poor so they can get legal aid, or b) exceedingly rich so they can afford it. For the majority of us we just have to accept that businesses we deal with can tell defamatory lies, the credit reference agencies will repeat them as indisputable facts, and we can do f**k all about it.
If a single EU law would undermine rights, would it do so more than the complete abject failure to implement data protection legislation in the UK at the moment? If he cares so much about rights being undermined, where are his proposals to beef up the toothless, gumless, jawless ICO?
In which case why, apart from incompetence of the relevant authorities, do we have companies selling or giving away personal information that nobody ever *asked* them to give away?
There's only one way to have privacy, and that's to insist that all personal information is strictly personal to the organisation it was given to, and is to be used only for the purposes that it was given. No selling, no sharing.
UK may have privacy laws, but they simply aren't being enforced.
Sorry I'd take this over Nu-Labour. Clarke is still on the side of 'all your data are belong to us' ...
>Plans to tighten the access to data for law enforcement agencies could affect the way Governments tackle terrorism and serious crime, he warned.<
However that seems a more moderate position than "we need to store everything you read, write or say on a big database or Osama Bin Crackdealer will eat your babies"
Another significant difference is that Nu-Labour would have fought for instituting the most-draconian and intrusive regulations uniformly EU wide. So this is even better news if you don't live in the UK.
"regardless of the different cultures"
In our culture, for example, it is considered quite normal to leave USB sticks with confidential data on trains and laptops in car parks.... We also think nothing of mailing millions of tax records details on CDs between various departments and then not bothering to check whether the CDs arrived or not...
Only joking.
Seriously speaking, any EU bureaucratic drive should be taken with a great degree of suspicion and the Govt is right to be sceptic.
""Without reasonably portable health records for example, it’s hard to see how medical services can operate sensibly. Without appropriately regulated data on credit histories, then loans and mortgages might in future be very limitedly available – and might even only be available to the very wealthy," Clarke said."
Well, OK, then, if it's sensible for my health* and credit history** data not to be deleted, then I'll probably act sensibly and won't ask for it to be deleted. Whatever happened to the Tories being the party of personal responsibility?
http://www.telegraph.co.uk/comment/personal-view/3636331/Tories-will-replace-Labour-not-ape-it.html
* because without my medical history the doctor won't know I'm allergic to penicillin and might kill me.
** because without my credit history the bank won't know I'm a reliable fella and will only lend money at extortionate rates of interest. And don't forget CCJs, bankruptcies etc would still be searchable because that data doesn't rely on my consent in order to be recorded, maintained and accessed.
I'm currently living in a country where medical records aren't protable without my say so. Surprisingly it works a lot better than the UK and people aren't dying each year due to "missing" records.
This whole "we need all your details or you'll die" scare thing doesn't really hold water.
...Isn't it interesting how The State concerns itself with the finest granularity when documenting citizens into its own records, yet it only concerns itself with the coarsest when citizens demand reciprocal accountability from The State.
What's needed is a ID system with verifiable authentication that certifies a person who is in possession of an official, unique, not-personally-identifiable alias is in fact a citizen. A citizen might have multiple such aliases; for example, an alias that identifies him/her to one branch of government might not be the same identifier as for another branch (similarly, a different alias for his bank etc.) Thus, except for some very limited/special circumstances, a citizen would have a secure electronic ID that's essentially Independent of his/her real name.
As with Venn diagram intersects, certain special info would be common across all a citizen's aliases to check for fraud etc.
To keep The State honest, corrupt free and to stop any temptation for it (or anyone) to do unofficial data matching outside that permitted by law, aliases/ID would be issued by a certifying authority independent of government. Moreover, the certifying authority would not keep any personal data (it only being used to authenticate aliases/ID at the time of issue).
Such a scheme would assure governments that their services would only go to those citizens who are actually entitled to them whilst still protecting citizens' personal IDs from snoopy privacy incursions. Furthermore, later, more authoritarian governments would risk considerable wrath from citizens if they tried to unravel the scheme.
I seem to remember one of the points Cameron/Clegg ran on as the elimination of the national ID database. And they even honoured their pledges.
Contrast that with the collection of old farts that comprise ACPO, the commercial outfit that benefits by selling government data, who announced a couple of weeks ago that they had scored GBP24,000,000 to enable it to equipment every roadside AND EVERY PRIVATELY OWNED traffic facing camera with number plate reading capability, in real time, with the data to be stored on a new computer to be housed in Hendon. This will only record number plate details and depends on the criminally minded not to switch number plates - a la James Bond.
Clarke, in addition to rendering his thoughts on rapists, also declared he thought 15 years was not an unreasonable time for the U.S. to store PNR information for 15 years.
In case any Register readers aren't concerned, consider that the following information is also collected but not shown on tickets, Numbers refer to PNR fields:
2. Date of reservation; 5. Other names on PNR; 6. Addresses; 8. Billing address; 9. Contact telephone numbers; 11. Frequent flyer information (miles flown and address(es)) (frequent flyer number might be shown on tickets); 16. Split/Divided PNR information; 17. E-mail addresses; 19. General remarks; 23. No show history; 25. Go show information (often used to note a "walk-up" passenger, i.e. someone who presents themselves without a ticket or reservation, and buys a ticket to travel immediately. Some carriers create a reservation on the spot . Other carriers simply sell them a ticket- which might be an "open" ticket, boarding them as a stand-by); 26. OSI information; 27. SSI/SSR information; 28. Received from information (the person who requested the reservation, not necessarily the traveller, e.g. a business associate, personal assistant, friend, family member, etc.); 29. All historical changes to the PNR; 30. Number of travellers on PNR; 33. Any collected APIS information.
The following data might be gleaned from tickets:
1. PNR record locator code (Tickets don't always show any record locator-the CRS record and not necessarily the same); 3. Date(s) of intended travel, airlines, dates, and flight numbers or '"open"; possibly hotel or car hire reservations, tour or cruise bookings, etc., on non-air PNR; 7. All forms of payment information; 10. All travel itinerary for specific PNR (reservations for current flight, and might include reservations for flights not yet ticketed, or ticketed separately, together with non-air components of the travellers such as accommodations, car rental or rail reservations, tours, cruises, etc.) 12. Travel agency; 13. Travel agent-IATA/ARC accreditation number, agent, etc.; 14. Code share PNR info; 24. Bag tag numbers; 34. ATFQ fields.
Register readers can no doubt determine just how invasive this information is to their own situations.
The PNR often contains additional information pertaining to car rental and hotel stays and all the associated data such as affinity cards, etc.
In reality I don't think Clarke, or the present government, has the faintest idea of what privacy is. Additionally, ACPO will undoubtedly build a case for having access to this data so Plod can track a persons movement aided and abetted by knowing cell phone information.
If you want to take some action now, you can do it by using a travel agent and requesting the agent to (1) hold all data not needed to issue a ticket on agency based contact management software; (2) Book hotels and car rental directly, on-line; (3) Use the agency as your contact address and telephone number.
15 years is one hell of a long time to hold any data.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
