Buckinghamshire CC ANPR cameras

Andrew Cormack Andrew.Cormack at ja.net
Thu Jan 12 14:08:27 GMT 2012

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Chris Edwards
> Sent: 12 January 2012 12:30
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Buckinghamshire CC ANPR cameras
> On Thu, 12 Jan 2012, Roland Perry wrote:
> | There's a huge loophole in the making here... let's say a phone
> company gave
> | lots of cellsite data to his fishmonger
> Presumably the phone company CAN identify people from this data, so
> have
> to treat it as personal, and therefore can't simply give it to
> fishmonger.

That's one of a number of unclarities that result from the UK definition. The definition clearly allows for the same data to be personal in one person's hands but not in another, but the Act has no provisions at all to cover the change of state as it passes from one to another. E.g. is such a transfer covered by rules on personal data (in the hands of the giver) or not (in the hands of the recipient)? Particularly relevant if the recipient happens to be outside the EEA...

On the other hand the EC definition also has problems, since it allows personal data to be handled by someone who has no way to identify or contact the individual. But the Directive still seems to require the holder to inform the individual about the processing (even though they don't know who they are), and to provide them with subject access (even though they can't validate their identity). 

My one and only presentation at an academic law conference suggested that a law that contained contradictions whichever way you interpreted the definition must be broken - that comment afterwards was that I was thinking like a mathematician rather than a lawyer ;-)

The leaked draft regulation is at least clear on how the definition should be used (it even says explicitly that IP addresses are personal data) but, as far as I can see, doesn't resolve the resulting problems about notification and subject access.


More information about the ukcrypto mailing list