Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Companies storing your details and the Data Protection Act

  • 12-01-2010 11:55pm
    #1
    mikemac
    Closed Accounts Posts: 19,986 ✭✭✭✭


    Raised this a few weeks ago but for various reasons I requested the thread be deleted. Thanks to mod Tom Young for the helpful feedback on it
    Have done a search before you say I'm lazy :)

    When I signed up to Specsavers for glasses and contact lenses I signed a form. They explained it was to allow them to store my details under the Data Protection Act. Though I've certainly been bombarded with letters so probably a marketing aspect to it too!
    But I am certain I was asked to sign so they could store my details on their computer system

    Now I can call Apache, Mizzoni, Four Star or whoever and on my second request, I'm asked my phone number and they instantly know my address. I didn't give permission to have my phone number and address to be stored on some database but they obviously have it.

    Now I'm not complaining here or being pedantic, in fact it makes it easier for me not to list off my address every time

    My question is if you call a business (any business) do they need your permission to put all your details on a database?


Comments

  • #2
    Tom Young
    Legal Moderators, Society & Culture Moderators Posts: 4,338 Mod ✭✭✭✭Tom Young


    Thanks for nice remark.

    The answer is technically yes.

    Consent is required, which you gave on a one off basis. Not ongoing, in my view.

    Condition: Calls fast food joint; Hungry; CLI appears or are asked telephone number; Are asked address (which you give, for delivery); and recorded.

    Action: Food delivered; Information stored; Customer happy.

    Problem:

    Consent in the condition stub is lacking for permanent recording of personal data. If following DP Acts, personal data should be purged within 6 months. Any personal data which is not purged can be subject of a "SAR" - Subject Access Request. Under the DP Acts 1989 and as amended to include S.I. 535 of 2003:
    Confidentiality of communications
    5. (1) No person shall use an electronic communications network to store information or to gain access to information stored in the terminal equipment of a subscriber or user unless -
    (a) the subscriber or user concerned is provided with clear and comprehensive information in accordance with the Acts, which is prominently displayed and easily accessible and which, without limitation, includes the purpose of the processing
    (b) the subscriber or user is offered the right to refuse such processing by the data controller.
    (2) Paragraph 1 does not prevent any technical storage of or access to information for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network or which is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.
    (3) Section 98 of the Act of 1983 does not apply to:
    technical storage of communications and the related traffic data which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality.

    However ....
    Location data other than traffic data
    9. (1) No person shall process location data other than traffic data relating to users or subscribers of undertakings unless,
    (a) such data are made anonymous or,
    (b) they have obtained the consent of the users or subscribers to the extent and for the duration necessary for the provision of a value added service.
    (2) An undertaking that has not already done so shall inform its users or subscribers, prior to obtaining their consent, of the type of location data other than traffic data which will be processed, of the purposes and duration of the processing and whether the data will be transmitted to a third party for the purpose of providing the value added service.
    (3) An undertaking shall give users or subscribers the possibility to withdraw their consent for the processing of location data other than traffic data at any time by making a request that such processing be stopped.
    (4) Where the consent of users or subscribers has been obtained for the processing of location data other than traffic data an undertaking shall give the user or subscriber the possibility, using a simple means and free of charge, of temporarily refusing the processing of such data for each connection to the public communications network or for each transmission of a communication.
    (5) An undertaking shall ensure that the processing of location data other than traffic data in accordance with paragraphs (1), (2) and (4) is restricted to persons acting under the authority of the undertaking or of the third party providing the value added service based on data provided by that undertaking and shall be restricted to what is necessary for the purposes of providing the value added service.

    Did they ask your consent? Don't answer that.

    Tom


  • #3
    GerardKeating
    Registered Users, Registered Users 2 Posts: 7,805 ✭✭✭GerardKeating


    mikemac wrote: »
    Now I can call Apache, Mizzoni, Four Star or whoever and on my second request, I'm asked my phone number and they instantly know my address. I didn't give permission to have my phone number and address to be stored on some database but they obviously have it.

    Or they have an electronic phone book...


  • #4
    TJM
    Registered Users, Registered Users 2 Posts: 548 ✭✭✭TJM


    Tom - I think you're misreading the scope of SI 535 of 2003. The definition of "location data" is quite narrow:
    “location data” means any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service;
    The key portion is in bold. Data which is not processed in such a network is not included. To grossly over simplify, the aim is to protect location data associated with the call itself - such as the masts through which a mobile phone call is routed. Geographic information processed independently of the network is not included in that definition.


  • #5
    Tom Young
    Legal Moderators, Society & Culture Moderators Posts: 4,338 Mod ✭✭✭✭Tom Young


    TJM wrote: »
    Tom - I think you're misreading the scope of SI 535 of 2003. The definition of "location data" is quite narrow:The key portion is in bold. Data which is not processed in such a network is not included. To grossly over simplify, the aim is to protect location data associated with the call itself - such as the masts through which a mobile phone call is routed. Geographic information processed independently of the network is not included in that definition.

    TJ yes, I think you are right. I toil slightly with this SI, as it is partly relevant to Communications Undertakings and then also partly relevant to natural beings and the disclosing of relevant data.

    Will remove the inaccuracy, so what then is location data other than traffic data?

    Tom


Advertisement