Agreed. There is no legal certainty. "there is considerable flexibility

in the 

application of the rules to the data..." simply means in each case we

must try and guess what the regulator : ICO - FTT - Court, will decide

is fair and proportionate. Sometimes it is reasonably predictable,

others it is not.





Phillip Bradshaw



Information Manager 

Democratic Services



Room CY4A, County Hall



EMail: [log in to unmask]



Phone:         029 2087 3346

Mobile :        07890 265987 



Fax:              029 2087 3349



Fax:              029 2087 3349



You're digging it round and it ought to be square 



-----Original Message-----

From: This list is for those interested in Data Protection issues

[mailto:[log in to unmask]] On Behalf Of Andrew Cormack

Sent: 02 June 2010 13:12

To: [log in to unmask]

Subject: Re: [data-protection] Google has mapped every WiFi network in

Britain



Renzo

Thanks for confirming my impression.



I do find that every time I read that paper I add more and more question

marks to my think-bubble marked "legal certainty?????"



Cheers

Andrew



> -----Original Message-----

> From: Marchini, Renzo [mailto:[log in to unmask]]

> Sent: 02 June 2010 09:45

> To: Andrew Cormack; [log in to unmask]

> Subject: RE: Google has mapped every WiFi network in Britain

> 

> @AndrewCormack

> "But if you combine the wide definition with the absolutist 

> requirements in the Acts and regulator guidance (e.g. "encrypt all 

> personal data on portable media") then you quickly get to a stage when



> it's impossible to comply with the Act. For example if the source 

> addresses on IP packets are personal data, how can an ISP lawfully

send

> them to servers outside the EEA?"

> 

> I agree. Indeed, in the Opinion you cite, the WP also say in arguing 

> that there should be a wide definition that:

> 

> "In those cases where a mechanistic application of every single 

> provision of the Directive would at first sight lead to excessively 

> burdensome or perhaps even absurd consequences, it must be first 

> checked ..... whether the Directive itself or national legislation 

> adopted pursuant to it do not allow for exemptions or simplifications 

> with regard to particular situations in order to achieve an

appropriate

> legal response while ensuring the protection of the individual's

rights

> and of the interests at stake. It is a better option not to unduly 

> restrict the interpretation of the definition of personal data but 

> rather to note that there is considerable flexibility in the 

> application of the rules to the data." (my emphasis)

> 

> In other words, proportionate application of the rules.  When I have 

> spoken about this at conferences, I have made the point that this is 

> incredibly disingenuous on the part of the WP. In relation to many 

> aspects, it is black or white. If personal data, you must. If not 

> personal data, you don't have to. Subject access requests, adequacy of



> transfers, and so on.  (In fact, under the 8th principle, the UK - but



> no other member state I believe - does allow the sort of flexibility 

> they are alluding to with the "self-assessment" approach - but that is



> another topic.

> 

> Renzo Marchini

> Dechert LLP

> +44 (0) 20 7184 7563 direct

> +44 (0) 20 7184 7001 fax

> [log in to unmask]

> www.dechert.com

> 

> -----Original Message-----

> From: Andrew Cormack [mailto:[log in to unmask] 

> <mailto:[log in to unmask]> ]

> Sent: 02 June 2010 08:55

> To: Marchini, Renzo; [log in to unmask]

> Subject: RE: Google has mapped every WiFi network in Britain

> 

> Some of the Art29WP's comments actually go further, and suggest that 

> they think any identifer that permits recognition of the same

equipment

> is personal data, even if there is no possibility of linking it to a 

> name or address. For example (from Opinion 4/2007):

> 

> "At this point, it should be noted that, while identification through 

> the name is the most common occurrence in practice, a name may itself 

> not be necessary in all cases to identify an individual. This may 

> happen when other "identifiers" are used to single someone out. 

> Indeed, computerised files registering personal data usually assign a 

> unique identifier to the persons registered, in order to avoid 

> confusion between two persons in the file. Also on the Web, web 

> traffic surveillance tools make it easy to identify the behaviour of a



> machine and, behind the machine, that of its user. Thus, the 

> individual's personality is pieced together in order to attribute 

> certain decisions to him or her. Without even enquiring about the name



> and address of

the

> individual it is possible to categorise this person on the basis of 

> socio-economic, psychological, philosophical or other criteria and 

> attribute certain decisions to him or her since the individual's 

> contact point (a computer) no longer necessarily requires the 

> disclosure of

his

> or her identity in the narrow sense. In other words, the possibility

of

> identifying an individual no longer necessarily means the ability to 

> find out his or her name. The definition of personal data reflects

this

> fact."

> 

> I can see why you might want a definition that wide, because some 

> processing of those identifiers could lead to significant privacy 

> breaches. But if you combine the wide definition with the absolutist 

> requirements in the Acts and regulator guidance (e.g. "encrypt all 

> personal data on portable media") then you quickly get to a stage when



> it's impossible to comply with the Act. For example if the source 

> addresses on IP packets are personal data, how can an ISP lawfully

send

> them to servers outside the EEA?

> 

> Andrew

> 

> > -----Original Message-----

> > From: This list is for those interested in Data Protection issues 

> > [mailto:[log in to unmask] <mailto:data-

> [log in to unmask]> ] On Behalf Of Marchini, Renzo

> > Sent: 01 June 2010 15:41

> > To: [log in to unmask]

> > Subject: Re: Google has mapped every WiFi network in Britain

> >

> > But if you think the statement "Ena Sharples lives in Coronation 

> > Street" is personal data about that character, then "MAC 1234567890

> is

> > used in Coronation Street" may well be personal data about the 

> > individual using that MAC number (if you buy Mr Hustinx's argument,

> of

> > course).

> >

> > So I think IP Addresses and Mac Numbers are the same.   You don't

> need

> > to know (in the sense of name/address/passport number/tap an live 

> > person on the shoulder)) who uses the IP/MAC to be processing

> personal

> > data.

> >

> >

> >

> >

> > Renzo Marchini

> > Dechert LLP

> > +44 (0) 20 7184 7563 direct

> > +44 (0) 20 7184 7001 fax

> > [log in to unmask]

> > www.dechert.com

> >

> > -----Original Message-----

> > From: This list is for those interested in Data Protection issues 

> > [mailto:[log in to unmask] <mailto:data-

> [log in to unmask]> ] On Behalf Of Roland Perry

> > Sent: 01 June 2010 15:35

> > To: [log in to unmask]

> > Subject: Re: [data-protection] Google has mapped every WiFi network

> in

> > Britain

> >

> > In message

> > <[log in to unmask]>, at

> > 13:54:26 on Tue, 1 Jun 2010, "Griffiths, Ian"

> > <[log in to unmask]> writes

> >

> > >I think if one argues that IP is PD then the MAC being so would

also

> > >be the case.  Particularly as the web logs which contain IP are

> > comparable

> > >to the war driving logs which Google now possesses.

> >

> > But most of the time the Streetcar can't tell which of the

> surrounding

> > houses contains each access point, nor do they have the details of

> the

> > owner of the AP.

> > --

> > Roland Perry

> >

> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> >      All archives of messages are stored permanently and are

> >       available to the world wide web community at large at

> >       http://www.jiscmail.ac.uk/lists/data-protection.html

> <http://www.jiscmail.ac.uk/lists/data-protection.html>

> >      If you wish to leave this list please send the command

> >        leave data-protection to [log in to unmask] All user 

> > commands can be found at 

> > http://www.jiscmail.ac.uk/help/commandref.htm

> <http://www.jiscmail.ac.uk/help/commandref.htm>

> >  Any queries about sending or receiving messages please send to the 

> > list owner

> >               [log in to unmask]

> >   Full help Desk - please email [log in to unmask] describing

> your

> > needs

> >         To receive these emails in HTML format send the command:

> >          SET data-protection HTML to [log in to unmask]

> >    (all commands go to [log in to unmask] not the list please)

> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> >

> >

> >

> >

> >  This e-mail is from Dechert LLP, a law firm, and may contain 

> > information that is confidential or privileged. If you are not the 

> > intended recipient, please delete the e-mail and any attachments,

and

> > notify the sender. Dechert LLP is a limited liability partnership 

> > registered in England & Wales (Registered No. OC306029) and is 

> > regulated by the Solicitors Regulation Authority. A list of names of



> > the members of Dechert LLP (who are solicitors or registered foreign

> > lawyers) is available for inspection at its registered office, 160 

> > Queen Victoria Street, London EC4V 4QQ.

> >

> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> >      All archives of messages are stored permanently and are

> >       available to the world wide web community at large at

> >       http://www.jiscmail.ac.uk/lists/data-protection.html

> <http://www.jiscmail.ac.uk/lists/data-protection.html>

> >      If you wish to leave this list please send the command

> >        leave data-protection to [log in to unmask] All user 

> > commands can be found at 

> > http://www.jiscmail.ac.uk/help/commandref.htm

> <http://www.jiscmail.ac.uk/help/commandref.htm>

> >  Any queries about sending or receiving messages please send to the 

> > list owner

> >               [log in to unmask]

> >   Full help Desk - please email [log in to unmask] describing

> your

> > needs

> >         To receive these emails in HTML format send the command:

> >          SET data-protection HTML to [log in to unmask]

> >    (all commands go to [log in to unmask] not the list please)

> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> 

> 



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask] All user

commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list

owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your

needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



**********************************************************************

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind.  Opinions, conclusions and other information in this message that do not relate to the official business of the Council of the City and County of Cardiff shall be understood as neither given nor endorsed by it.  All e-mail sent to or from this address will be processed by Cardiff County Councils Corporate E-mail system and may be subject to scrutiny by someone other than the addressee.

**********************************************************************

Mae'n bosibl bod gwybodaeth gyfrinachol yn y neges hon. Os na chyfeirir y neges atoch chi'n benodol (neu os nad ydych chi'n gyfrifol am drosglwyddo'r neges i'r person a enwir), yna ni chewch gopio na throsglwyddo'r neges. Mewn achos o'r fath, dylech ddinistrio'r neges a hysbysu'r anfonwr drwy e-bost ar unwaith. Rhowch wybod i'r anfonydd ar unwaith os nad ydych chi neu eich cyflogydd yn caniatau e-bost y Rhyngrwyd am negeseuon fel hon. Rhaid deall nad yw'r safbwyntiau, y casgliadau a'r wybodaeth arall yn y neges hon nad ydynt yn cyfeirio at fusnes swyddogol Cyngor Dinas a Sir Caerdydd yn cynrychioli barn y Cyngor Sir nad yn cael sel ei fendith. Caiff unrhyw negeseuon a anfonir at, neu o'r cyfeiriad e-bost hwn eu prosesu gan system E-bost Gorfforaethol Cyngor Sir Caerdydd a gallant gael eu harchwilio gan rywun heblaw'r person a enwir.

**********************************************************************


-- 
Scanned by iCritical.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^