DEADLINE FRIDAY: Responding to draft CoP RIP Pt.I Ch.II (was RE: ZDNet UK 26/10/2001: "Home Office admits data retention plans")
Caspar Bowden
cb at fipr.org
Tue, 30 Oct 2001 10:05:49 -0000
> Roland Perry
...
> Single person's for as long as you have it in the past, and=20
> for up to a month in the future. (Noting that requests for=20
> traffic data are quite rare, it's the subscriber's name and=20
> address that's wanted for the vast majority of enquiries).
Er..yes, possibly because this legislation is not yet in force !
> >entirety of records held by the ISP. With absolutely no guidance for=20
> >the authorities on what is "proportionate" in the=20
> >circumstances (it's no longer any business of the ISP).
>=20
> 2.3 Test of necessity
> 4.3/4.4 Description of proportionality.
You are joking aren't you ?
"This means that even if a particular case which interferes with a
Convention right is aimed at pursuing a legitimate aim (as listed in
para 4.1 above) this will not justify the interference if the means used
to achieve the aim are excessive in the circumstances. Any interference
with a Convention right should be carefully designed to meet the
objective in question and must not be arbitrary or unfair. Even taking
all these considerations into account, in a particular case an
interference may still not be justified because the impact on the
individual or group is too severe."
So on that basis, how many records on how many people will it be
justifiable to collect in connection with :
*) the next anti-globalisation protest
*) a murder following a rendezvous in an Internet chatroom
*) Sep 11th
*) a Whitehall leak enquiry
It would be interesting, with a bit of scenario background involving the
Internet and a potentially large group of people, to pose this as a
question for Superintendent or equiv. ranks in Customs, police, MoD,
MI5, NCIS, GCHQ and see what sort of range of responses one got ?
..
> >the Data Protection Act 19988 and its data protection=20
> >principles should be adhered to."
>=20
> That's the safeguards which public authorities (jargon for=20
> Police, Customs etc) need to apply to the data once they have=20
> collected it from the ISPs. eg passing the data to an outside=20
> 3rd party should normally be refused on DPA grounds.
I meant the hypocrisy of collecting data under a SI 2093 S.32 nat.sec.
exemption, so it can then be accessed for the broad purposes of Pt.1
Ch.2 nothing to do with nat.sec, all the time blithely saying DP
principles should be adhered to. Not to mention the fact that the
exemptions for police and in DPA98 are themselves vague and elastic. In
the case of nat.sec the exmptions are total - unfair or illegal
processing - no problemo!
http://www.hmso.gov.uk/acts/acts1998/80029--d.htm#28
--
Caspar =
Bowden=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0 www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)20 7354 2333=20