Re[2]: Nameless data can still be personal
Joel Harrison
ukcrypto at chiark.greenend.org.uk
Sat, 8 Nov 2008 19:16:35 +0000
On 8 Nov 2008, at 00:35, Chris Salter
<ukcrypto@originalthinktank.org.uk> wrote:
> Hello Roland and UKCrypto,
>
> Friday, November 7, 2008, 7:26:34 PM, you wrote:
>
>> In article <1822185328.20081107144721@originalthinktank.org.uk>,
>> Chris
>> Salter <ukcrypto@originalthinktank.org.uk> writes
>>> Taken at face value this means that standard Apache server logs are
>>> covered by Data Protection Laws?
>
>> They always were.
>
> Obviously a 'mental blind-spot' on my part. While I have always been
> careful not to include any 'end user' identifiable information in any
> published web statistics, I've otherwise viewed both logs and reports
> as proprietary (mine) rather than (other individuals) personal data.
Intellectual property rights and data protection are two different
things. If a company compiles a database of its customers' details,
the company owns copyright in the database but also must comply with
its obligations under the Data Protection Act in respect of the data
in that database. The data does not in any legal sense 'belong' to any
customer, but each customer has rights under the DPA in respect of the
processing of that data (eg the right to be provided with a copy of
the data held about him/her).
Joel