The first question is 'is it personal data?'. If the photos are taken
'photographically', it is possible that they do not meet the definition of a
relevant manual file ('a set of data structured, ... etc'). However, if
they are taken by 'equipment operating automatically ...' and the people are
identifiable, then they will constitute personal data, I believe.
Once it is personal data, all the Principles apply. So:
* is it fair? does the Data Subject know who the Data Controller is
and what their Purpose(s) are, including any that are not obvious?
* does it meet one of the schedule 2 conditions? The data is clearly
not, in this case, processed with consent, and it may be unwise to use the
sixth condition (the Data Controller's legitimate interests) if the Data
Subject has specifically refused consent since you may be infringing their
rights, freedoms or legitimate interests. Necessary for the contract? No.
Necessary under a legal obligation? Unlikely.
* how long is the data kept (fifth Principle)? Fairness might
suggest that the Data Subjects should be told.
* Data Subject rights: if the idea is to try to sell a copy of the
photo to the person in it, could you argue that one of the purposes is
Direct Marketing ('communication by whatever means directed to the Data
Subject')? In this case there would clearly be a right for the Data Subject
to require (but in writing) it not to be used for that purpose. If a
specific photo is not to be used, how does it comply with the third
Principle (relevant and not excessive)? In which case you shouldn't take it
in the first place.
None of it is clear cut. The easy way out for the London Eye would be to
act on a request by someone not to be included, in order to avoid possible
challenges. But the question of photos taken in public places does raise a
lot of questions, and I'd be interested in other people's replies, too.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: Charles Oppenheim <[log in to unmask]>
To: <[log in to unmask]>
Sent: 14 May 2001 15:24
Subject: data protection implications of the London Eye
> As anyone who has visited the London Eye will be aware, they take a photo
> of groups of visitors as they enter the Eye. Photos of those groups are
> then on display at the exit. It is therefore very easy to see (and in
> principle identify) individuals who were on the Eye recently, or are
> following you.
>
> A colleague was unhappy about being photographed in this way and asked not
> to be included, but was told by a London Eye official "sorry, you are
> required to be photographed, this is a condition of being allowed on the
> Eye". This was a verbal explanation. No conditions of this type were
> indicated on booking forms or tickets.
>
> Does this break any data protection Principles?
>
>
> Professor Charles Oppenheim
> Dept of Information Science
> Loughborough University
> Loughborough
> Leics LE11 3TU
>
> Tel 01509-223065
> Fax 01509-223053
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|