David is right.
One must remember that whilst consent is probably the most useful and powerful tool for marketing, consent only
works if what you are consenting to is legal! Otherwise it is null and void.
Simon Howarth.
Quoting davidwyatt <[log in to unmask]>:
> Paul and list
>
>
> With respect to such a contract clause you do have a link to the 'Unfair
> terms in consumer contracts Act' I'm fairly certain I read something about
> this a few years ago where such consent clauses can be unlawful and the
> Information Commissioner is specially mentioned as one of the bodies who can
> rule on fairness. Given the ICO should be looking after the consumers rights
> under DPA you would think these powers would be exercised if a challenge was
> made.
>
> (See http://www.lawcom.gov.uk/docs/lc292bill.pdf - Schedule 1 section 10.
> Although the primary regulator for the UFCA is the OFT references to the
> 'regulator' within the legislation can be read as the ICO)
>
> >What gives me much greater cause for concern is the number of contracts
> >which say "by signing this contract you consent to ... [whatever we want
> >you
> >to]". I don't believe that that approach truly complies with the
> >Directive's requirement that consent be "freely given" unless there is an
> >opportunity to negotiate. I would much prefer the contract to say: "these
> >are the consequences of signing up ... these are your options ... and this
> >is how we protect your interests". Supposed consent of this nature is
> >often the lazy option.
>
> David Wyatt
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Paul Ticher
> Sent: 29 October 2007 12:21
> To: [log in to unmask]
> Subject: Re: [data-protection] Signature for opting in required?
>
> I don't strongly disagree with Simon, but there was a lot of discussion
> about this in the early days of the Act, and I believe the upshot was that
> failure tick a box when returning a form probably does constitute consent.
> The Information Commissioner's legal guidance is cagey. (I'm quoting from a
>
> version I downloaded some while ago, as their web site keeps crashing when I
>
> try to look at the current version.)
>
> My copy says:
>
> "The fact that the data subject must "signify" his [sic] agreement means
> that there must be some active communication between the parties. ... Data
> controllers cannot infer consent from non-response to a communication, for
> example ... failure to return or respond to a leaflet." (Someone please
> tell me if my copy is out of date.)
>
> So, if you *do* respond, but fail to take advantage of a clear opt out,
> there is 'active communication between the parties' and therefore the
> argument goes that the data controller can infer consent. I know this
> doesn't completely follow logically, but silence often is consent - failure
> of an employer to object or intervene in unacceptable behaviour, for
> example, is often interpreted as tacit endorsement.
>
> In practice, a clear statement of what is being proposed, and a clear
> opportunity to opt out, is likely to contribute strongly to compliance with
> the sixth Condition (legitimate interests) and with Principle 1 in general,
> so the question of whether it constitutes consent may not need to be
> resolved. In my training courses I have almost stopped using the word
> 'consent', and concentrate on good practice around opting in and opting out,
>
> as I think this is clearer.
>
> What gives me much greater cause for concern is the number of contracts
> which say "by signing this contract you consent to ... [whatever we want you
>
> to]". I don't believe that that approach truly complies with the
> Directive's requirement that consent be "freely given" unless there is an
> opportunity to negotiate. I would much prefer the contract to say: "these
> are the consequences of signing up ... these are your options ... and this
> is how we protect your interests". Supposed consent of this nature is often
>
> the lazy option.
>
> Paul Ticher
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
> I hereby require any recipient of this message not to use my personal data
> for direct marketing purposes.
>
>
> ----- Original Message -----
> From: "Simon Howarth" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Saturday, October 27, 2007 10:20 AM
> Subject: Re: Signature for opting in required?
>
>
> There are a number of issues here which to some extent Paul has covered,
> however I must take issue one of his points.
>
> If the form is sent back with nothing ticked, then regardless of what the
> form is for (in the design you say) you CANNOT take this as consent. Silence
> is not consent. Also someone may have refused consent but simply forgotten
> to tick the box (it has happened many times) so if you publish their details
> I really believe you will get in trouble. Paul stated that you "...probably
> have their consent..."; unfortunately probably is not good enough. The only
> safe thing to do is not publish until you find out otherwise. A redesign of
> the form as Paul suggests is probably a good idea.
>
> The opt-out design of the other association's form is quite reasonable, and
> much easier to manage, but together with Paul's comments you also need to
> consider if any of the information may be considered sensitive personal
> data, because if you are relying on consent to publish, then the DP Act
> states that it must be explicit, which means opt-in.
>
> Regards,
>
> Simon Howarth
>
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Paul Ticher
> Sent: 26 October 2007 11:05
> To: [log in to unmask]
> Subject: Re: [data-protection] Signature for opting in required?
>
> This depends on two things:
>
> 1) What you want to achieve.
>
> If you want a list of definitely keen people, then go for an opt in. If you
>
> think the greater purpose would be served by having a list of people who are
>
> either keen or don't mind, then consider an opt out.
>
> 2) What you perceive the risks to be.
>
> If the risk of publishing the details is high, then an opt in is by far
> safest way to go. However, if the site is restricted to members - and you
> basically trust your members not to misuse the data - and you are happy that
>
> your security is adequate - then an opt-out is almost certainly adequate.
>
> The best way to administer an opt-out is to piggy-back on something that
> people are sending you anyway (such as a membership renewal).
>
> * You must provide a full explanation of what is involved (in order to
> comply with Principle 1 and - because it is on the web site - Principle 8 if
>
> any of your members are abroad). It may be worth saying that you take no
> responsibility for what other members do with the contact details, but that
> they are provided on the understanding that they are only to be used for
> purposes related to that of the society, and not for marketing - or
> something like that.
>
> * Do not offer both a yes and a no box, because then you don't know what to
> do with people who tick neither.
>
> * If they send the form back without ticking the no box then you probably
> have their consent - because sending the form back without ticking the box
> 'signifies' their consent, and therefore complies with the Directive
> definition of consent.
>
> If you can't piggy-back on something else, make the opting out process as
> easy as possible (e.g. a freepost address or freephone number) - and give
> people several opportunities. They might miss your first announcement, or
> be away at the time. However, be aware that failure to respond in such a
> case does not count as consent, because the members have done nothing to
> 'signify' their preference. You therefore have to comply with one of the
> other Schedule 2 Conditions: Condition 6 is the only likely one, and you
> would have to be confident that you are not infringing the 'rights, freedoms
>
> and legitimate interests' of your members by publishing their details
> without consent.
>
> Don't forget that people who have consented can withdraw their consent, so
> you must have a way of responding promptly if people change their minds and
> ask for their details to be removed.
>
> Paul Ticher
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
> I hereby require any recipient of this message not to use my personal data
> for direct marketing purposes.
>
>
> ----- Original Message -----
> From: "Linda Haylock" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Thursday, October 25, 2007 3:22 PM
> Subject: Signature for opting in required?
>
>
> We are planning to make our members' database available on our website in
> the spring.
>
> It will be a members only, password-protected area that will include
> contact details of members.
>
> We are presently sending out forms to all our members with the
> statement "I agree to have my details listed in a members-only, password-
> protected area of the website", a 'Yes' tickbox, a 'No' tickbox and a
> space for signature and date.
>
> Quite a large number of people have not sent the form back, or have sent
> the form back without ticking either Yes or No, and the whole exercise is
> becoming costly and time-consuming.
>
> Then I came across another association's form which quite simply said "The
> Society is Registered under the Data Protection Act 1998. If you have any
> objection to your details being included in the Members' List that is
> available only to other Members, please tick here."
>
> Is this latter 'opt out clause' sufficient, does anybody know? Or is a
> signature opting in mandatory?
>
> Linda
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.15.12/1095 - Release Date: 26/10/2007
> 19:54
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.15.12/1095 - Release Date: 26/10/2007
> 19:54
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
--
Simon Howarth
The Information Edge
37 The Grange
Cottam
Preston
PR4 0LR
Office: 0870 991 3696
Mobile: 07836 365588
Webtech Systems trading as The Information Edge, registered in England No.
3428632. More information available at www.informationedge.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|