Am I being a snow-flake?

9db3xj7z41fs5u

Antares35 wrote: »

OP do you realise that data breaches don't necessarily have to be reported? It's only where there will be an impact to the rights and freedoms of a natural person, for example discrimination, financial or social hardship, defamation etc.

I composed an email and sent if, on the basis of the advice from my GDPR officer colleague. I announced my concerns to the company. I did ask them to delete all the photos. I asked them to cancel my order. I shall not be using their services again. I am frustrated about their lack of acknowledgment. I just want people to be aware of this risk when they are creating their calendars in the future. Think that I am overreacting all you want. But data protection affects us all. If they are this casual with my photos, who knows how casual they are with my address or name or bank details. We all deserve due diligence when people are dealing with our personal information. I have sent the email (albeit, it has been ignored). I now consider the matter closed and will not engage with this company again.

Antares35

Barbara Fresh Vender wrote: »

I composed an email and sent if, on the basis of the advice from my GDPR officer colleague. I announced my concerns to the company. I did ask them to delete all the photos. I asked them to cancel my order. I shall not be using their services again. I am frustrated about their lack of acknowledgment. I just want people to be aware of this risk when they are creating their calendars in the future. Think that I am overreacting all you want. But data protection affects us all. If they are this casual with my photos, who knows how casual they are with my address or name or bank details. We all deserve due diligence when people are dealing with our personal information. I have sent the email (albeit, it has been ignored). I now consider the matter closed and will not engage with this company again.

Oh god trust me I don't need a data protection lecture I also didn't say you are over reacting (although I think you are). Just pointing out the legal obligations on the company.

LegacyUser

I am surprised at the amount of people who would have no issue with this. I think you are entirely in your rights to feel aggrieved by the inactions of the company.
Mistakes happen but it is how they are being addressed.

Firstly, is it personal data. Yes it is, but not necessarily yours. Depends if you are in the pictures or not. The reason it is personl data is because the people in the pictures could be identified directly or indirectly.

Secondly, is it a breach of personal data. Yes, it is. The photos have been made available to others without authorisation.

Thirdly, is it reportable. That’s where it becomes a bit tricky. A breach is reportable to the data protection authority (in this instance probably the ICO) where there is a likelihood of risk of harm (this can be financial, reputational, physical, emotional…). Where the risk of harm is high it does not only have to be reported to the ICO but also the individuals involved if possible. This of course gets a bit harder as the company may not have any information allowing them to contact the individuals affected directly and they have no obligation to you.

What can you do. Well, you can lodge a complaint with the company and if not addressed appropriately you can make a complaint to the ICO or the DPC.

Further, you can request access to your data and information on how it has been used (such as unathorised disclosure). Of course, as you have outlined you can exercise your right to erasure. You can also go through the courts but there isn’t much precedence to date so this may be a costly venture and I’d say it would be hard to demonstrate any material or non material damages.

The fact that the a person may choose to publish pictures (of themselves) on Facebook or WhatsApp has little to do with the company disclosing the pictures without authorisation. That is because it is a choice. How our personal data is used should be our choice.

osarusan

I can understand you being quite p!ssed off, as a company that makes such calendars should be extra extra careful when posting them.

But beyond the complaint you have already made to them, I don't know what more you can do.

joeguevara

Barbara Fresh Vender wrote: »

There were normal pictures of my family (some under 12) on the beach in their togs. I would just like clarification that these pictures have been sent back to the company, and this doesn’t happen again. I don’t know who now possesses the images.

I have sent back the calendar. I do not know who has my calendar

I just don’t want this to happen for other families

Who in their right mind wants a calendar of under 12 kids in swimming togs. Even if they are related other people who come to their home aren't.

Secondly what due diligence did you undertake before sending the photos to a third party. Did you read the t and Cs. If I knew that someone was forwardin pics to an unknown entity I would go nuts.

I hope this is a wind up because all of the issues raised are basically directed at you.

You really sending kids in togs over the net. 😱😱😱

notsoyoungwan

Barbara Fresh Vender wrote: »

I am crying as I read this message. How could a stranger that I never met with a different opinion to me be so mean?


I think that if you get upset by things that people say on a messaging forum, then you must not have real problems.

You wrote that last sentence just after saying you were crying because of a message someone wrote on the thread. Does your sentiment apply to yourself?

You are massively over-reacting to what happened, and tbh if you were that worried about strangers having pictures of your children and other kids, then you wouldn’t have sent those photos online to a company where strangers would be dealing with them in the first place. I mean, what if the employees have sinister motives?? Equally as possible as the random recipient being a paedophile.

I’m laughing at your demands re the risk assessment. In my experience, the people who go about demanding risk assessments very often don’t have a grasp of what they are or of what their value can be, or more importantly, what they can’t be useful for. And you have no right to demand a private company do a risk assessment or change their policies.

The J Stands for Jay

Barbara Fresh Vender wrote: »

Childrens’ pictures (as distinct from adults’ pictures) are considered sensitive materials under GDPR. That is why the schools ask us fill in so much paperwork about using the kids’ images now

Here is the list of sensitive information under GDPR:
Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data for the purpose of uniquely identifying a natural person
Data concerning health or a natural person’s sex life and/or sexual orientation

freshpopcorn

Personally I wouldn’t be but I’d be a bit annoyed that I didn’t get the correct Calendar.
Just in my experience people who get worked up over things like this or similar generally are just a bit of an over reactor and have little to be worrying about and could do with taking things less seriously.

ManOfMystery

Barbara Fresh Vender wrote: »

I am crying as I read this message. How could a stranger that I never met with a different opinion to me be so mean? I think that if you get upset by things that people say on a messaging forum, then you must not have real problems.

I understand that they made a mistake. It was how they failed to look into it or acknowledge the data protection issues that bothered me. I checked with my colleague who is a GDPR-officer. They were in breach and he said that they should notify within 72h. And their mistake does not fall under the household exemption, unlike the other cited messages

I wrote the GDPR policy for our firm. Still think you're being overzealous!

I'm not sure why you posted this thread, which is what people generally do when they are on the fence about something. You've had many responses and the general consensus is that it's an OTT reaction, but you keep arguing the same point. If you don't want to accept that or take it on board, why ask in the first place? It sounds like you're content with the courage of your convictions.

ztoical

OP you clearly ordered this calendar over the internet rather then in a physical shop so you electronically sent your photos to them, that would have been a bigger security risk to your images then one calendar being sent to the wrong person. You must have signed/clicked a terms and conditions statement from the store before sending so go check the terms and conditions and if they breached it complain and you'll most likely get a free calendar. Everything else is OTT.

skallywag

OP, I think you are way out of line here, and if someone close to me behaved like this I would frankly be extremely embarrassed. Actually I would extremely pissed off rather than embarrassed.

I agree that you have every right to protect images of your friends, family, etc. No issue there whatsoever. However, you yourself took the conscious decision to send these images to this privately operated company. It is not as if these are official images which were legally required for some purpose (e.g. passport photo, etc.) and which were subsequently falsely distributed, etc. A genuine mistake then occurred, and you have then reacted in this manner, trumpeting 'GDPR, GDPR' for all to hear.

leggo

First off OP, you're correct in what you say that it's a breach. The facts of what you're saying are true and nobody is disputing. But also what you're asking the company to do - to give you feedback on their internal processes which could include employee disciplinary process - could also constitute a data breach if the company complied with you, depending on the info you wanted. You have zero right to access their internal processes. So, you know, glass houses and all that.

Why you're getting pushback here is that I think you're triggering people who deal with people who cry "GDPR" a lot. First off there's the massive hypocrisy above in claiming to care about the sanctity of GDPR while also asking for private internal information, which suggests not actually caring about GDPR at all and instead a concerted effort to escalate an honest mistake from someone. You're not going to get what you're looking for because what you're looking for isn't legal, and continuing to try force the issue only puts pressure on the job of some employee who made an honest mistake at a time when jobs are scarce for everyone. In the background they've likely already caught a bollocking for this mistake, now you just won't go away and let it be. If they're aware of that, think of the anxiety that employee must feel going to work every day at an already anxious time for the entire planet.

It's not that your base concern is unreasonable: GDPR law is in place and taken so seriously for good reason. It's the fact that you seem to want blood over this by following up on it and taking it on as a battle you need to 'win'. You're claiming to cry here and feel attacked but you're also not accepting that this situation has escalated because YOU chose to escalate it, this is a thread YOU decided to create after YOU told your friend about this situation to begin with. They shouldn't have sent out the wrong calendar and been better in how they handled their complaint, fine, but they're not responsible for this 'distress' you're claiming now, that's all on you and your stubbornness to keep this issue alive.

At any stage in this process, you could've let it go and not been upset, you're now choosing to be upset by your insistence on keeping it going. You won't gain anything out of this: you've already got the gift you're looking for for free and no harm will likely befall you or your loved ones. You've highlighted the issue with the relevant people. Don't use their business again if you need a calendar, use someone else. Why are you still pouring fuel onto this? Do you not see that you being upset now is a direct result of the choices you've made to continue to flog a dead horse on this issue? Is this how you want to feel and who you want to be? If not then ask yourself why you can't let it go and what your best case scenario is here to be worth upsetting yourself by keeping it going?

Rubberchikken

If you actually cried after my post then I'd suggest you worryore about that reaction rather than a calendar or pictures of some kids.


You really need to dial back on this nonsense.

Neyite

Mod Note:

the14thwarrior
Spencer Winterbotham
Bubbaclaus
B.A._Baracus
beveragelady
Rubberchikken
Pinoy adventure

Your posts were deleted as they were either off topic, or fell below the standard expected of the forum. We expect all posters to be civil and constructive and offer helpful advice to an op. Nastiness and name calling are not on either.

OP, I've closed your thread as it's more of a consumer issue. We've a forum that might be more helpful https://www.boards.ie/vbulletin/forumdisplay.php?f=580