Feeds
The Register Columnists

Amberhawk Training

Contact Mail Follow RSS feed

Bizarre Tolkien-inspired GCHQ Xmas card CAN'T BE READ by us PLEBS

I have just received from the Dark Web, a samizdat copy of GCHQ’s Xmas card complete with cartoon from Chris Slane. The references (see below) provide a download of the complete Xmas card, which presumably can be printed out on cardboard in hard copy. I think we can assume that the card is genuine as it contains the exemption …
gavel_judgment_channel

£250k fine for dumping council workers' files in Tesco bins, er, binned

I have just read the information tribunal decision and the reasons why the panel quashed the UK Information Commissioner’s £250,000 fine against the Scottish Borders council. The local authority was punished after a worker dumped employees' private data in bins at a nearby Tesco and another unnamed supermarket. It seems clear …

Irish watchdog won't probe Apple, Facebook over PRISM... but COULD IT?

Is the Irish Commissioner correct to claim that he can’t investigate Apple and Microsoft over PRISM? On Friday, Reuters reported that the Irish Office of the Data Protection Commissioner (ODPC) had refused to look at the transfers of personal data undertaken by Apple and Facebook to the United States. An Austrian student …

Of mice, the NSA, GCHQ and data protection

Suppose you see a mouse in your house: is it likely to be the only mouse in your house? The relevance of the question will come apparent when we dig deeper into those infamous “black boxes” allegedly used by the USA’s National Security Agency1, the latest GCHQ mass interception fandango, and the responsibilities of the UK …

How Google lost the trust of Europe’s data protection authorities

Over the last two years, various European data protection commissioners have taken action against Google. Hardly a month goes by without something being reported: a €145,000 (£121,000, $189,000) StreetView fine here or a court case about jurisdiction there. So it is important to understand: “Why is Google on the receiving end …
source: http://defenseimagery.mil/assetDetails.action?guid=9462214573479c7e3ec71f8e6b8d7a454c668c50

Thatcher’s data protection legacy: Just fill out this 16-page form

Successive UK governments have seen data protection more as a cost overhead to be minimised than as an essential protection for the individual in an electronic age. This view started with Margaret Thatcher’s first government and has endured for over three decades. During the 1970s, there were a number of white papers and reports …

Cameron's speech puts UK adoption of EU data directive in doubt

Cameron’s speech puts UK accession to any Data Protection Regulation and Directive in doubt. In yesterday’s speech on the relationship between the UK and the Europe Union, the Prime Minister raised doubts as to whether the UK will adopt both the proposed Data Protection Regulation and the Data Protection Directive in the field …

New laws to shackle and fine the Press? We've got PLENTY already

Prime Minister David Cameron has expressed "serious concerns and misgivings" over bringing in laws to underpin any new body to regulate the press. Mr Cameron told MPs that legislation backing a regulatory body underpinned by statute would "cross the Rubicon" by writing elements of press regulation into the law for the "first …
The Register breaking news

Gaping 'open data' loophole could leave your privates on display

The government has just published its ideas for allowing general access to data, which includes the intention to grant individuals online access to their own personal data. In general, I support this measure but sadly, the Open Data White Paper (PDF) has not even considered that it has widened the privacy problems associated …
The Register breaking news

ICO could smack Google Street View with fine after all

In one of my blogs on Google Street View, I wrote that the Information Commissioner (ICO) could not serve a Monetary Penalty Notice (MPN) on Google when its software captured some personal data from household Wi-Fi systems. This assessment was based on the fact that Google published statements to the effect that only an …

Draft law lets council bods snoop your tax records

The Local Government Finance Bill, now before Parliament, is drafted in such a way that it could permit the routine disclosure of tax records and other personal data held by HMRC to council officers for several council tax-related purposes. The powers also allow HMRC to disclose such details directly to contractors of the …
European Union Flag

Euro wonks lay SMACKDOWN on draft data protection rules

DAPIX is the Working Party on Information Exchange and Data Protection, where delegations of civil servants from the European Union's member states discuss the Commission’s Data Protection Regulation. But the minutes of the meeting held on 23 and 24 February reveal that there are deep divisions as to the content of the …
The Register breaking news

Google’s privacy policy: Incoherent and confusing

Google’s new combined Privacy Policy (March 2012) has been widely criticised by privacy professionals and Data Protection Authorities (in particular the CNIL – the French Data Protection Authority). However, so far the reasons for this criticism have been made in general terms. Here is a more detailed explanation. Google’s …
The Register breaking news

Been smacked by the ICO? Reveal your internal probes

If public authorities are subject to enforcement action by the Information Commissioner (eg, monetary penalty notice, undertaking, audit, enforcement notice etc), they should be prepared for internal reports into why the action was taken to become the target for Freedom of Information (FOI) requests. This is the outcome of a …
The Register breaking news

Euro data protection: Great for punters, not for biz - MoJ wonk

A colleague of mine went to a lecture on the European Commission's proposed Data Protection Regulation last week*. One of the speakers was John Bowman, Head of International Data Protection and Policy at the UK's Ministry of Justice. His opening question to the floor was: "How many of you here represent consumer groups?" Not …
The Register breaking news

Leaked EU data protection draft SHALL. NOT. PASS.

The first impression of this leaked text is that this version of the Regulation is more prescriptive than Directive 95/46/EC and will get up most data controllers and governmental noses. I think the text makes far too many fundamental changes than can be reasonably done via a "Regulation" (which has three times as many Articles …
The Register breaking news

Man gets £12,500 after girlfriend probes his medical data

This is a rare event indeed: a data subject has taken successful action for compensation under section 13 of the Data Protection Act. Normally what happens if a data controller has caused damage is that there is an out-of-court settlement with a gagging (sorry "confidentiality") clause so no-one is the wiser. The claimant …
gavel_judgment_channel

Data Protection Directive revamp: UK looking sidelined?

The EU Justice Commissioner Viviane Reding, Vice-President of the European Commission, and the German Federal Minister for Consumer Protection, Ilse Aigner, have come forward with a joint statement claiming that proposals to reform the 1995 Data Protection Directive will be published by the end of January 2012. It is clear that …
The Register breaking news

What is wrong with the Data Protection Act?

Bad news guys! I have just received my Tribunal Decision which throws out my attempt to find out what is wrong with the UK’s Data Protection Act. The decision means that 60 million data subjects and one-third of a million data controllers will not fully understand why the European Commission thinks that the UK’s implementation …
The Register breaking news

Are IP addresses personal data?

Let’s revisit that old chestnut: “Is an IP address you use in an internet session personal data about you?” The reason: I have just come across two legal references which relate to copyright infringement where the argument that an IP address is personal data was accepted. The first reference I found was the Monetary Penalty …
The Register breaking news

Does Gove’s webmail policy breach Data Protection Act too?

Does the use of Gmail or Hotmail by a Minister's Private Office (in order to evade Freedom of Information (FOI) obligations) also lead to breaches in the Data Protection Act? Well, I can see how this could be the case. The press has raised this issue only in the context of FOI. Yesterday's Sunday Times, for example, noted that …
The Register breaking news

ICO slates local authorities on data protection compliance

The Information Commissioner has called for the commencement of the custodial element of the section 55 offences and expressly criticised data protection compliance by local authorities as being “very bad”. He also criticised data controllers, especially in banks and financial services, as being uncooperative in relation to …
The Register breaking news

'New laws not needed' to block / censor Twitter et al

Comment One of the unanswered questions arising from the August riots is whether the government needs new powers to block the use of Twitter, Facebook and other social media which were used to organise the disturbances. Prime Minister David Cameron suggested, in the immediate aftermath of the rioting, that blocking the use of …
The Register breaking news

NOTW hack-hackage: Inside the personal data press mess

In the middle of the Major years (back in the 1990s), David Mellor, then a Cabinet minister (whose fascination for female toes was discussed by the tabloids, in the "public interest" of course) famously said that the press were drinking at "the last chance saloon". Fifteen years of hard drinking later, the recent events into …
The Register breaking news

Freedoms Bill: Gov may U-turn on personal data and DNA retention

Following last week's U-turn on prison sentencing, I think there is a possibility that the government could change its approach to the retention of personal data on the DNA database. Ministers are clearly worried that they are being labelled as "soft on law and order", especially by the tabloid press. At last week's Prime …
The Register breaking news

Your census data will be kept secret - except from MI5, police, courts etc

Like you, I have received my 2011 census form from the Office of National Statistics (ONS). The cover page prominently states, in bold, "Your personal information is protected by law. Census information is kept confidential for 100 years". Like you, perhaps, I have taken this statement at face value. However, preparing for our …
The Register breaking news

RIPA changes in Freedoms Bill don't protect privacy enough

The “Protection of Freedoms Bill” has a wholly misleading title; the legislation simply does not do what it says on the tin. The CCTV provisions (see here) have more to do with efficient surveillance than privacy protection. We reviewed the Information Commissioner’s concerns about the use of personal data in DNA profiling or in …
The Register breaking news

ICO evidence raises Freedoms Bill data worries

The Information Commissioner (ICO) has just published a critique of the Home Office’s Freedoms Bill, which is being sold to the public as reining in New Labour’s surveillance state. Although there is general applause for the fact that the Government has recognised that there has been excessive intrusion into privacy, the ICO’s …
The Register breaking news

Freedoms Bill good for CCTV, not for privacy

The Protection of Freedoms Bill promotes efficient CCTV surveillance, but not effective privacy. The hype surrounding the CCTV/ANPR provisions in the Protection of Freedoms Bill is misplaced. In fact, I would argue the bill’s provision for a Statutory Code of Practice in the CCTV area represents little change on the privacy …
The Register breaking news

ICO Deputy exposes Data Protection law wish list

Last Friday, data protection day, was commemorated with a meeting organised by the Ministry of Justice in Whitehall. At that meeting, David Smith, the Deputy Information Commissioner (DIC), reviewed the Information Commissioner’s wish list of changes to data protection law. This blog reports on the content of that list. …
The Register breaking news

Prosecutors opt for 'malfeasance' over DPA to charge officials

If you are employed in the public sector, you can forget about offences under the Data Protection Act if there is deliberate misuse of personal data. In the absence of a custodial sentence, in more serious cases, prosecutors are increasingly opting for the blunt instrument that is the common law offence of "malfeasance in public …
The Register breaking news

How GCHQ keeps tabs on FOI requestors

Following an FOI request instigated by yours truly, it has emerged that GCHQ are keeping tabs on FOI requestors. Even those requestors who have asked public authorities for a copy of GCHQ’s widely distributed, declassified, IT security documentation... The circumstances of my request illustrates why the FOIA exemption (Section …
The Register breaking news

UK weakens supervision of Data Protection Act

I have concluded that proposals published by the government in relation to “the bonfire of the quangos” (the Public Bodies Bill) and in relation to reform of parliament (the Parliamentary Voting System and Constituencies Bill) can both serve to weaken the effectiveness of the supervision of the Data Protection Act. There is a …
The Register breaking news

Commissioner plays poker with Google

The Information Commissioner has been widely condemned by privacy activists for his perceived inaction with respect to Google. Although he concluded that it was likely that there was a significant breach of the Data Protection Act when Google Street View cars collected Wi-Fi data as part of their street mapping exercises, he …
The Register breaking news

Spending Review? Why not axe the Information Commissioner?

I have come to the conclusion that there is a credible argument to scrap the Office of the Information Commissioner. No, I have not lost my marbles. Nor have I received a backhander from Google to fund our new Amberhawk website. This is a credible argument that can be made, especially at a time when deep public sector cuts are …
The Register breaking news

Project Champion Report misses targets

On 30 September, the Chief Constable of West Midlands went on TV to apologise for its plans to undertake comprehensive and overt CCTV surveillance of all cars and individuals who entered or left the Sparkhill area of Birmingham. This apology comes even though “No cameras associated with the Project have ever been used” and the …
The Register breaking news

ConLibs get shifty on spam and behavioural ads

Last week, the government published its ideas as to how it would implement the changes to EU Directive 2002/58/EC. In relation to spammers and behavioural advertising it has decided to keep the low privacy standards that were acceptable to the previous New Labour government. The changes discussed in the consultation (pdf) are …
The Register breaking news

Police legal advice gives spam RIPA protection

The voicemail hacking incident is still exercising MPs – especially the Labour ones who did little to protect individual privacy during the party's decade in power (see last week’s blog). So when Assistant Commissioner John Yates of the Metropolitan Police Service (MPS) gave evidence on “Specialist Operations” to the Home …
The Register breaking news

Custodial offence for deliberate invasion of data protection? Forget it!

I must confess that I find it rich that New Labour Ministers, who were in government for more than a decade, are now huffing and puffing about their “phone inboxes being hacked”. The sad truth is that, in government, they could have done a great deal to protect individual privacy by making such hacking a custodial offence. In …
The Register breaking news

Data protection and surveillance: Swapping the speed camera for ANPR?

When on holiday in the Dordogne two weeks ago (feels like two months now!), I picked up a Sunday Times newspaper which stated that the government was reducing grant-funding for speed cameras. This was given the thumbs-up by the paper which reported that many motorists see such cameras as a tax first and a life-saver second. Some …
The Register breaking news

Perv scanner code of practice still a balls-up

A blog reader asked me to look at the code of practice on the acceptable use of body scanners to enhance security at UK airports. The consultation period associated with the code ended four weeks ago, so I apologise for a severe case of “better late than never”. In summary, the code still ignores several key issues. However, to …
The Register breaking news

Info Commissioner must justify why stats data are personal

Sadly, there is more data protection case-law arising from the conflict over requests for personal data made under freedom of information (FOI) legislation, than there is when there is a data protection conflict. This state of affairs is the result of the fact the Commissioner has to publish a Decision Notice in relation to a …
The Register breaking news

Terror data handover seriously flawed

The European Union has redrafted its agreement with the US Treasury which requires Europe’s financial institutions to transfer details of global financial transactions to the US. The revised Draft Agreement is to be put to the European Parliament in July for approval, despite a text containing significant privacy defects and …
The Register breaking news

Bill defines 'personal information' to avoid strengthening DPA penalties

Ah, the reality of power. For all the opposition talk about strengthening the protection of privacy, in the first weeks of government, the pro-privacy proposition has become more difficult to implement. The inevitable result is that gears are being put into neutral or reverse (as quietly as possible, mind you). So it is with the …
The Register breaking news

Controlling the fallout of a data loss

If readers want to examine an interesting example of how to manage a data loss, have a look at what happened at the London Borough of Barnet. A data loss involving 9,000 children followed a burglary of the home of a member of staff. The loss included the council’s computer equipment (a laptop), CD Roms and memory sticks, along …
The Register breaking news

More questions over biometric ID cards and national security

In the last ten days we have learnt that “persons unknown” stole the identity of British citizens and cloned modern UK passports to enter Dubai to perform an assassination. Last week, the Foreign Secretary got up in the House of Commons to say that his legal action before the Court of Appeal was to protect intelligence vital to …