Monday, October 23, 2006


Some of the podcasts that I find useful when keeping myself updated on freedom of information/data protection developments include:
  1. FOI Podcast service - a monthly series by Ibrahim Hasan, solicitor and information law expert on the latest developments on freedom of information law.
  2. Out-law radio - updated every Thursday, free 10 minute podcast produced by Out-Law.
  3. Privacy podcast - produced by Aaron Titus and more directed towards the protection of an individual's identity.

Tuesday, October 17, 2006

Data protection law for India?

I was reading through an article this morning about India's Information Technology Act 2000 which is likely to be amended to take account of data protection concerns. What is unclear at this stage is what these amendments will consist of and when they are likely to take effect. However, addressing data protection concerns in India have long been overdue, particularly with the recent Channel 4 documentary highlighting the security failures in a number of commercial call centres which allow detailed financial data on individuals to be gathered and sold on with ease.
Art. 25 of the Data Protection Directive 95/46/EC clearly provides that personal data is not transferred to countries outside the EEA without satisfying an adequate level of protection.
Art. 25
1. The Member States shall provide that the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if, without prejudice to compliance with the national provisions adopted pursuant to the other provisions of this Directive, the third country in question ensures an adequate level of protection.

2. The adequacy of the level of protection afforded by a third country shall be assessed in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations; particular consideration shall be given to the nature of the data, the purpose and duration of the proposed processing operation or operations, the country of origin and country of final destination, the rules of law, both general and sectoral, in force in the third country in question and the professional rules and security measures which are complied with in that country.
These provisions have been implemented in the UK Data Protection Act, Schedule 1, 8th data protection principle:

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

It remains to be seen whether India's laws will be sufficiently vigorous to deal with data protection breaches, but at least, it is a move towards the right direction.

Thursday, October 05, 2006

How much is your personal information?

I was reading through an article where the leader of leader of Bracknell Forest BC has suggested that people who allow their data to be sold to marketing firms could receive council tax cuts. There is more to this:
Paul Bettison told a Conservative party conference fringe meeting that the information from the council's smartcard system could be sold if controls on government databases were loosened."If I could use the information on the 45,000 residents who carry cards, I believe I could be the first council in the country to have a zero council tax," Bettison, e-champion of the Local Government Association (LGA), told the Conservative Technology Forum on 2 October 2006.Such use of the data gathered through the E+ cards, previously known as Edge smartcards, would be voluntary for residents – but for those who did not wish to take part, "it will be £1,400 for a band D," Bettison said.He added that the data held by the council, such as library books borrowed, indications of income and family, could allow companies to target direct mail with enough accuracy to stop it being annoying, as it would present people with offers that were of genuine interest. "Targeted junk mail isn't junk mail," he said. "It's welcome if it's relevant to me.
According to the same article, the Council has indicated that it has no plans to follow up on the idea, but it raises broader questions not only on the privacy of individuals to control their personal information, but also their right to use their information for a commercial incentive. Certainly, supermarkets have already started this line where you sign up for their store cards and build up points on the card in exchange for discounts such as money off coupons etc... I should add one does not have any objection with anyone signing up for a store card. However, if we ponder about the profiles that are being formed about consumers' shopping habits, then this information is certainly valuable to any marketer.