Data Protection Laws - apply to the forum?

Oxfordcomma · Nov 1, 2015

Foxholer said:
My understanding is that it's the GM Forum that would have breached the DPA - as the organisation that provides the environment on which the private data was published!

You are correct however - in that the DPA applies to 'organisations, businesses and the government' and not to individuals. That's why it would be the Forum's responsibility to remove the personal data - certainly if requested.

If they declined to remove it, then you could use reference to the DPA to require it to be removed by Forum management! But yes, it's unlikely that you would need to actually do that anyway - it was a (supposedly) deliberately trivial example.

Foxholer, as you say it's all a moot point but I'm not sure I agree with your understanding. GM is liable if this forum is used to defame someone, that's where it becomes relevant that they are the organisation that provides the environment. Data protection isn't applicable though if someone's details are posted by a 3rd party individual, because GM has not obtained those details for themselves.

Foxholer · Nov 1, 2015

Oxfordcomma said:
...Data protection isn't applicable though if someone's details are posted by a 3rd party individual, because GM has not obtained those details for themselves.

And there is where we (will have to) disagree!

In other words...Yes it is!

Oxfordcomma · Nov 1, 2015

Foxholer said:
And there is where we (will have to) disagree!

In other words...Yes it is!

Oh no it isn't! (well it is almost the panto season

)

Or, more accurately, having spent 5 minutes searching ico.org.uk, "it probably isn't, but might be in certain circumstances". I put up your phone number, I don't think it's GM's problem. I put up something about you that I can't prove, you need to have the right to dispute it and possibly have it taken down.

Foxholer · Nov 1, 2015

Oxfordcomma said:
Oh no it isn't! (well it is almost the panto season )

Or, more accurately, having spent 5 minutes searching ico.org.uk, "it probably isn't, but might be in certain circumstances". I put up your phone number, I don't think it's GM's problem. I put up something about you that I can't prove, you need to have the right to dispute it and possibly have it taken down.

Spend a bit longer then and you will see that it is!

Let's continue to use that example....
Sure, it's not GM's fault that it got there in the first place and they are not actually using it (nor is it something actually asked for by GM). But if requested to remove it, then the principles of the DPA - can be quoted to justify its removal! Check the 6th principle here! https://www.gov.uk/data-protection/the-data-protection-act

Of course, the DPA is more oriented to data not visible to the particular individual. Forums and other 'published' media are something of a hybrid - where the organisation is (merely) the host of the data, rather than the initial gatherer. That does not mean, however, that the DPA does not apply to them!

Foxholer · Nov 1, 2015

As a further 'argument' for how the DPA has to apply to the likes of forums etc....

It would be a ridiculous situation where an individual could get irrelevant data removed from an organisation where only some in that organisation actually had access to it, yet could not get it removed - if equally irrelevant - from a public forum/social media etc!

Oxfordcomma · Nov 1, 2015

We're going round in circles and neither of us are actually data protection professionals so I guess we should leave it. It's an interesting question though.

I was basing my statements on this article which applies explicitly to online forums. That seems to say that although the host of a forum does have "data controller" responsibilities, they are not so stringent as the responsibilities for data that you've gathered for your own professional use, and are aimed more at ensuring accuracy rather than privacy.

Hobbit · Nov 2, 2015

Oxfordcomma said:
We're going round in circles and neither of us are actually data protection professionals so I guess we should leave it. It's an interesting question though.

I was basing my statements on this article which applies explicitly to online forums. That seems to say that although the host of a forum does have "data controller" responsibilities, they are not so stringent as the responsibilities for data that you've gathered for your own professional use, and are aimed more at ensuring accuracy rather than privacy.

Data accuracy was the big thing brought in last year. The company I work for spent a fortune on Data Cleansing last year. As well as the responsibility to secure, and control the flow of data, it must be accurate.

chrisd · Nov 2, 2015

I understand that we all want our data protected but it does go too far sometimes. I rang a supplier today to query an invoice for my new employer and they wouldn't speak to me about it as I am not the account holder "nominated" - they'll not get paid a bean as the query wont get dealt with, as I, apparently could be anyone "off the street" - I did point out that so could they be!

The worlds gone bonkers!

Hobbit · Nov 2, 2015

chrisd said:
I understand that we all want our data protected but it does go too far sometimes. I rang a supplier today to query an invoice for my new employer and they wouldn't speak to me about it as I am not the account holder "nominated" - they'll not get paid a bean as the query wont get dealt with, as I, apparently could be anyone "off the street" - I did point out that so could they be!

The worlds gone bonkers!

Good post, but I can't talk to you about it...:ears:

Foxholer · Nov 2, 2015

Oxfordcomma said:
We're going round in circles and neither of us are actually data protection professionals so I guess we should leave it. It's an interesting question though.

I was basing my statements on this article which applies explicitly to online forums. That seems to say that although the host of a forum does have "data controller" responsibilities, they are not so stringent as the responsibilities for data that you've gathered for your own professional use, and are aimed more at ensuring accuracy rather than privacy.

If youcheck out pages 5 and 6 of the document you linked to, you will see whe this forum has no S36 exemption - for several reasons!

True, there is more emphasis in DPA on accuracy - other regulations administered by the ICO cover privacy specifically - but the topic was Data Protection laws in general (a bit of a copout I know).

BTW. I'd be interested to know why the topic was actually raised in the first place!

chrisd · Nov 3, 2015

Hobbit said:
Good post, but I can't talk to you about it...:ears:

that's good cos, as usual, I don't know what I'm talking about anyway!

ger147 · Nov 3, 2015

Best data protection nonsense I had lately was trying to cancel a holiday.

I booked a holiday for someone as a gift but the relationship broke up so I had to cancel the holiday. Altho I booked it and paid the deposit, I wasn't allowed to cancel it as I wasn't the lead passenger.

The reason given was data protection and the even bigger laugh was I was told I wasn't liable for the balance, the lead passenger was. Bearing in mind the lead passenger didn't know (the gift was to be a surprise), the summary is they are liable for the balance unless they call the Police and report it as a fraudulent booking.

So watch out in case anyone books a holiday for you, they only have to pat the deposit, you have to pay the rest!!

Data Protection Laws - apply to the forum?

Oxfordcomma

Challenge Tour Pro

Foxholer

Blackballed

Oxfordcomma

Challenge Tour Pro

Foxholer

Blackballed

Foxholer

Blackballed

Oxfordcomma

Challenge Tour Pro

Hobbit

Mordorator

chrisd

Major Champion

Hobbit

Mordorator

Foxholer

Blackballed

chrisd

Major Champion

ger147

Tour Winner

Similar threads