I am not sure "necessary" is as strict in this context as Simon makes
out; otherwise, many, many, many legitimate activities could never be
done. Often, it's the only thing you can rely on. Paragraph 6 becomes
necessary to allow unobtrusive activities! Much of marketing
activities, certainly, would then cease if this were not the case.
ICO guidance says the following:
The Commissioner takes a wide view of the legitimate interests condition
and recommends that two tests be applied to establish whether this
condition may be appropriate in any particular case. The first is the
establishment of the legitimacy of the interests pursued by the data
controller or the third party to whom the data are to be disclosed and
the second is whether the processing is unwarranted in any particular
case by reason of prejudice to the rights and freedoms or legitimate
interests of the data subject whose interests override those of the data
controller. The fact that the processing of the personal data may
prejudice a particular data subject does not necessarily render the
whole processing operation prejudicial to all the data subjects.
Renzo Marchini
Counsel
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]
www.dechert.com
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of simon howarth
Sent: 23 July 2008 11:42
To: [log in to unmask]
Subject: Re: [data-protection] Alumni Data
I take your point. But in the cicumstances I am not sure that you can
apply any of the Schedule 2 conditions except
the gaining of consent.
You are right that the interest must be legitatimate, but the sixth
condition has the key word "necessary" within
it. Is it necessary that the information be used for Alumni activities.
I would say it's probably less necessary
and more a "nice to have".
Condition 2 is not relevant as there is no contract implied for this
Condition 3 is not relevant
Condition 4 is not relevant
Condition 5 is not relevant
Condition 6 we've covered
This leaves condition 1, as they essentially would like to use this
information but there is no overriding reason
for it to be provided except where there is already an understanding
(informed when they joined as student, maybe)
and this is not the case in this instance - maybe an opportunity to
rectify this for the September/October intakes?
Simon Howarth.
Quoting Paul Ticher <[log in to unmask]>:
> Why is it not fair to say 'unless you say no, we will do ...' ? Of
course,
> you don't comply with the first Schedule 2 Condition, because I agree
that
> failure to reply isn't consent, but you may well meet one of the
others.
> The sixth Condition is the obvious one; it requires the balance of
interests
>
> to be considered: your interest must be 'legitimate', and there must
be no
> 'unwarranted' interference in their rights, freedoms and legitimate
> interests' (not an absence of interference).
>
> To me, the key in this case is not consent but transparency, with an
opt out
>
> as a safeguard in case there is a serious risk to the Data Subject's
rights,
>
> freedoms and legitimate interests.
>
> So I really don't think I disagree with Simon. If you are writing to
ask
> whether their details can be used, failure to reply means you can't.
But if
>
> you are writing to tell them what you are going to do, and can meet
one of
> the other Conditions, failure to reply means you can (even if it's not
the
> ideal situation).
>
>
> Paul Ticher
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
> I hereby require any recipient of this message not to use my personal
data
> for direct marketing purposes.
>
>
> ----- Original Message -----
> From: "simon howarth" <[log in to unmask]>
> To: "Paul Ticher" <[log in to unmask]>
> Cc: <[log in to unmask]>
> Sent: Wednesday, July 23, 2008 10:23 AM
> Subject: Re: [data-protection] Alumni Data
>
>
> > I'm sorry, I don't agree with Paul and have experience with ICO
> > involvement of this very thing from a utilities
> > contact point of view.
> >
> > It is not fair to say "Unless you contact us to say no, we'll use
your
> > information" (or equivalent). Absence of an
> > answer is not consent. It is not the same as implied consent via a
form
> > that someone is filling out where a
> > contract may be implied. If the wording is correct on such a
document then
>
> > consent can be implied. However, if you
> > are contacting someone to ask if their details can be used you
CANNOT
> > assume that silence is consent, or state that
> > this will be the case. The ICO provided this guidance several years
ago to
>
> > us when I was doing some work for a well
> > known elastictrickery firm.
> >
> > However, maybe foreseeability may be used here? Is it reasonable for
a
> > student to expect their personal details to
> > be used in Alumni activities? I would suggest possibly, and perhaps
ask
> > the ICO what they think. If they agree,
> > then information may be provided (if you wish) without asking,
although
> > you may decide not to be so draconian.
> >
> > Simon Howarth.
> >
> > Quoting Paul Ticher <[log in to unmask]>:
> >
> >> My view is that it would depend, at least partially, on what you
told
> >> them
> >> when you asked for permission. If you said 'we want to use your
data but
>
> >> we
> >>
> >> need your consent', then non-response = no consent and you can't
use the
> >> data. If you said 'we are going to use your data but you can stop
us if
> >> you
> >>
> >> choose', then you are OK to use the data of those who didn't reply.
> >>
> >> This is a very common trap, which loads of organisations fall into.
You
> >> have basically given people three options ('yes', 'no' and 'no
reply')
> >> when
> >> you meant to give them two (either 'yes' and 'no reply' - which
would
> >> therefore equal 'no', or 'no' and 'no reply' - which would
therefore
> >> equal
> >> yes).
> >>
> >> The only time when three choices make sense is when there are
genuinely
> >> three options - full data on the site ('yes'), no data on the site
('no')
> >> and partial data on the site ('no reply') but unless these were
spelled
> >> out
> >> in the letter, I don't think they are now a reasonable course of
action.
> >>
> >> Paul Ticher
> >> 0116 273 8191
> >> 22 Stoughton Drive North, Leicester LE5 5UB
> >>
> >> I hereby require any recipient of this message not to use my
personal
> >> data
> >> for direct marketing purposes.
> >>
> >>
> >> ----- Original Message -----
> >> From: "Sarah Rainford" <[log in to unmask]>
> >> To: <[log in to unmask]>
> >> Sent: Tuesday, July 22, 2008 3:37 PM
> >> Subject: Alumni Data
> >>
> >>
> >> > Colleagues
> >> >
> >> > I would be grateful for some advice on the following:
> >> >
> >> > We have bought into an external Alumni website provision facility
who
> >> > will
> >> > be acting as a data processor on our behalf. I have been asked to
> >> > provide
> >> > former student data as part of the setting up process. The last
two
> >> > years
> >> > leavers cohort have been canvassed on exit to determine approval
of
> >> > personal data being included on the website. A small minority
replied
> >> > explicit in their refusal and their data will not be included.
> >> > The majority fall into two categories, approx one third who
replied
> >> > with
> >> > permission granted and again I do not have an issue with these.
Approx
> >> > two thirds did not reply, but I have been asked to submit their
> >> > personal
> >> > data for Names and start/end year data to be viewed by other
members.
> >> > My
> >> > understanding is that it will be a member only sign and former
students
> >> > are being contacted prior to launch to invite them to become
members.
> >> >
> >> > I have also been asked to provide the last five years leavers
data for
> >> > names and start/end data only to be displayed. I think from my
> >> > understanding of DPA that displaying even this small amount of
personal
> >> > data would be contravening the DPA as it is being used for a
different
> >> > purpose than it's original purpose(which was enrolment).
> >> >
> >> > I would also be grateful for colleagues comments on the request
to
> >> > provide
> >> > current Personal Tutor names to add to the website for students
who
> >> > subscribe to build their profiles. These tutors have not provided
> >> > permission for their names to be included. Again I am concerned
about
> >> > the
> >> > external website providers request with regard to DPA.
> >> >
> >> > I look forward to your thoughts and comments
> >> >
> >> > Sarah Rainford
> >> > CIS Manager
> >> > Blackpool Sixth Form College
> >> > 01253 394911 Ext:232
> >> >
> >> >
> >> >
> >> >
> >>
>
########################################################################
#############
> >> > This e-mail message has been scanned for Viruses and Content and
> >> > cleared
> >> > by MailMarshal
> >> >
> >>
>
########################################################################
#############
> >> >
> >> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> > All archives of messages are stored permanently and are
> >> > available to the world wide web community at large at
> >> > http://www.jiscmail.ac.uk/lists/data-protection.html
> >> > If you wish to leave this list please send the command
> >> > leave data-protection to [log in to unmask]
> >> > All user commands can be found at
> >> > http://www.jiscmail.ac.uk/help/commandref.htm
> >> > Any queries about sending or receiving messages please send to
the list
> >> > owner
> >> > [log in to unmask]
> >> > Full help Desk - please email [log in to unmask] describing
your
> >> > needs
> >> > To receive these emails in HTML format send the command:
> >> > SET data-protection HTML to [log in to unmask]
> >> > (all commands go to [log in to unmask] not the list
please)
> >> >
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> All archives of messages are stored permanently and are
> >> available to the world wide web community at large at
> >> http://www.jiscmail.ac.uk/lists/data-protection.html
> >> If you wish to leave this list please send the command
> >> leave data-protection to [log in to unmask]
> >> All user commands can be found at
> >> http://www.jiscmail.ac.uk/help/commandref.htm
> >> Any queries about sending or receiving messages please send to the
list
> >> owner
> >> [log in to unmask]
> >> Full help Desk - please email [log in to unmask] describing
your
> >> needs
> >> To receive these emails in HTML format send the command:
> >> SET data-protection HTML to [log in to unmask]
> >> (all commands go to [log in to unmask] not the list please)
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>
> >
> >
> > --
> > Simon Howarth
> > The Information Edge
> > 37 The Grange
> > Cottam
> > Preston
> > PR4 0LR
> >
> > Office: 0870 991 3696
> > Mobile: 07836 365588
> >
> > Webtech Systems trading as The Information Edge, registered in
England No.
> > 3428632. More information available at www.informationedge.co.uk
> >
> > -------------------------------------------------
> > Visit Pipex Business: The homepage for UK Small Businesses
> >
> > Go to http://www.pipex.co.uk/business-services
> >
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the
list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing
your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
--
Simon Howarth
The Information Edge
37 The Grange
Cottam
Preston
PR4 0LR
Office: 0870 991 3696
Mobile: 07836 365588
Webtech Systems trading as The Information Edge, registered in England
No.
3428632. More information available at www.informationedge.co.uk
-------------------------------------------------
Visit Pipex Business: The homepage for UK Small Businesses
Go to http://www.pipex.co.uk/business-services
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|