|
J J
|
|
Group: Forum Members
Posts: 141,
Visits: 541
|
+x+x+xMy experiences with the ICO surround Greater Manchester Police unable to correctly record the fact that I was using a camera and that I was using a smartphone for over a year (and 3 police visits later).
Better url https://tinyurl.com/gmpvsico Thanks James, that was an interesting read and is a big help seeing how to lay out all the information should I pass on my complaints. So far as I have mentioned, I have spoke to my local MP about my issues and concerns but I feel I am getting no where. Now with the new information I have both from my own research and from people such as yourself and many others. I feel there is more I need to make complaints about which I may go into in another topic. Thank you again for taking the time to share this. Its difficult, I would advise you subscribe to adobe to allow use of their acrobat tool. I then applied under data protection for my information including probation (NPPS) and prisons. I also applied to the force in question, however a lot of information they provide is heavily redacted / unusable. Intrestingly enough if you look at my complaint (attached) you'll see there is mention of my phone being seized by my offender manager in 2017. The same offending manager stated in 2016 she knew about this phone and she was happy with me using it. In April 2017 an offender manager visited and looked at the phone and stated she know about it. The police submitted documents to the CPS and probation stating they didn't know about the phone.... Oh and as a side note - I sent my offender manager gps data from the phone on a weekly basis.....
|
|
|
|
|
khafka
|
|
Group: Forum Members
Posts: 320,
Visits: 16K
|
Thought I'd just chime in with an update to my last message. Looks like the UK Database is now aware of my complaining... This could be fun...  [10/07/2020, 15:28:31] Phillip: Good afternoon. How can I help?
[10/07/2020, 15:28:47] Khafka: Hi Philip, I just have a quick question in regards to a case I have with ICO at the moment.
[10/07/2020, 15:29:11] Khafka: I just received a response from the case worked and the wording is a bit concerning and looks like they will be passing my information on to the company to contact me.
[10/07/2020, 15:29:39] Khafka: For safety reasons I did stress this in the initial complaint that I wanted to be anonymous. Are you able to confirm if my details have been shared if I give you the case reference?
[10/07/2020, 15:29:54] Phillip: I can look into that for you, yes. What is the reference?
[10/07/2020, 15:30:06] Khafka: [REDACTED]
[10/07/2020, 15:30:41] Phillip: Please bear with me while I look for you.
[10/07/2020, 15:30:46] Khafka: Sure, no problem.
[10/07/2020, 15:34:44] Phillip: Sorry for the wait. I am just trying to contact the case officer to check the details of the case.
[10/07/2020, 15:34:50] Khafka: Okay
[10/07/2020, 15:38:29] Phillip: I've just spoken to the case officer. They have advised that the organisation has been contacted with details of your complaint.
[10/07/2020, 15:39:08] Khafka: That's fine but am I mentioned by name or is my complaint to them anonymous?
[10/07/2020, 15:39:45] Phillip: As I understand it, the full details of your complaint, including your name, have been disclosed to the organisation.
[10/07/2020, 15:41:00] Khafka: Oh for God's sake. That is not what I wanted to hear and not what I requested in my initial complaint. This could have disastrous consequences...
[10/07/2020, 15:42:04] Phillip: If you consider the case officer has acted incorrectly in dealing with your complaint, I would advise that you contact him to raise your concerns and ask him to address them.
[10/07/2020, 15:42:25] Khafka: I will. Thank you. I think I might need to contact the Police too to give them a heads up.
[10/07/2020, 15:42:34] Khafka: Thanks for your time anyway, Philip. Have a good day[/quote]
|
|
|
|
|
J J
|
|
Group: Forum Members
Posts: 141,
Visits: 541
|
+xThought I'd just chime in with an update to my last message. Looks like the UK Database is now aware of my complaining... This could be fun... [10/07/2020, 15:28:31] Phillip: Good afternoon. How can I help?
[10/07/2020, 15:28:47] Khafka: Hi Philip, I just have a quick question in regards to a case I have with ICO at the moment.
[10/07/2020, 15:29:11] Khafka: I just received a response from the case worked and the wording is a bit concerning and looks like they will be passing my information on to the company to contact me.
[10/07/2020, 15:29:39] Khafka: For safety reasons I did stress this in the initial complaint that I wanted to be anonymous. Are you able to confirm if my details have been shared if I give you the case reference?
[10/07/2020, 15:29:54] Phillip: I can look into that for you, yes. What is the reference?
[10/07/2020, 15:30:06] Khafka: [REDACTED]
[10/07/2020, 15:30:41] Phillip: Please bear with me while I look for you.
[10/07/2020, 15:30:46] Khafka: Sure, no problem.
[10/07/2020, 15:34:44] Phillip: Sorry for the wait. I am just trying to contact the case officer to check the details of the case.
[10/07/2020, 15:34:50] Khafka: Okay
[10/07/2020, 15:38:29] Phillip: I've just spoken to the case officer. They have advised that the organisation has been contacted with details of your complaint.
[10/07/2020, 15:39:08] Khafka: That's fine but am I mentioned by name or is my complaint to them anonymous?
[10/07/2020, 15:39:45] Phillip: As I understand it, the full details of your complaint, including your name, have been disclosed to the organisation.
[10/07/2020, 15:41:00] Khafka: Oh for God's sake. That is not what I wanted to hear and not what I requested in my initial complaint. This could have disastrous consequences...
[10/07/2020, 15:42:04] Phillip: If you consider the case officer has acted incorrectly in dealing with your complaint, I would advise that you contact him to raise your concerns and ask him to address them.
[10/07/2020, 15:42:25] Khafka: I will. Thank you. I think I might need to contact the Police too to give them a heads up.
[10/07/2020, 15:42:34] Khafka: Thanks for your time anyway, Philip. Have a good day I'd advise you to keep going with the ICO, wait until they've dealt with it and then complain. BUT they have to disclose your details or how else can they investigate?
|
|
|
|
|
J J
|
|
Group: Forum Members
Posts: 141,
Visits: 541
|
+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
|
|
|
|
|
khafka
|
|
Group: Forum Members
Posts: 320,
Visits: 16K
|
+x+xThought I'd just chime in with an update to my last message. Looks like the UK Database is now aware of my complaining... This could be fun... [10/07/2020, 15:28:31] Phillip: Good afternoon. How can I help?
[10/07/2020, 15:28:47] Khafka: Hi Philip, I just have a quick question in regards to a case I have with ICO at the moment.
[10/07/2020, 15:29:11] Khafka: I just received a response from the case worked and the wording is a bit concerning and looks like they will be passing my information on to the company to contact me.
[10/07/2020, 15:29:39] Khafka: For safety reasons I did stress this in the initial complaint that I wanted to be anonymous. Are you able to confirm if my details have been shared if I give you the case reference?
[10/07/2020, 15:29:54] Phillip: I can look into that for you, yes. What is the reference?
[10/07/2020, 15:30:06] Khafka: [REDACTED]
[10/07/2020, 15:30:41] Phillip: Please bear with me while I look for you.
[10/07/2020, 15:30:46] Khafka: Sure, no problem.
[10/07/2020, 15:34:44] Phillip: Sorry for the wait. I am just trying to contact the case officer to check the details of the case.
[10/07/2020, 15:34:50] Khafka: Okay
[10/07/2020, 15:38:29] Phillip: I've just spoken to the case officer. They have advised that the organisation has been contacted with details of your complaint.
[10/07/2020, 15:39:08] Khafka: That's fine but am I mentioned by name or is my complaint to them anonymous?
[10/07/2020, 15:39:45] Phillip: As I understand it, the full details of your complaint, including your name, have been disclosed to the organisation.
[10/07/2020, 15:41:00] Khafka: Oh for God's sake. That is not what I wanted to hear and not what I requested in my initial complaint. This could have disastrous consequences...
[10/07/2020, 15:42:04] Phillip: If you consider the case officer has acted incorrectly in dealing with your complaint, I would advise that you contact him to raise your concerns and ask him to address them.
[10/07/2020, 15:42:25] Khafka: I will. Thank you. I think I might need to contact the Police too to give them a heads up.
[10/07/2020, 15:42:34] Khafka: Thanks for your time anyway, Philip. Have a good day I'd advise you to keep going with the ICO, wait until they've dealt with it and then complain. BUT they have to disclose your details or how else can they investigate? Well my complaint was purely around them having no recognised document controller which they are required to have, they have no cookies/GDPR information on the website which they are required to have if they hold data and information on people, which they do. You could also argue potentially for stirring up/inciting violence too but I never mentioned that explicitly. The idea being they investigate the website and get them to put these procedures in place to comply with the law or fine them. Which is applicable to all companies. There is zero need to disclose my information for that. I've already submitted a complaint to ICO about it as they clearly never read the complaint properly as the reply was just a stock template that was poorly edited as you can see in the screenshot. Them posting my information a year ago is one thing and I've moved on from there. Now I'm concerned about them making some post or statement on their Facebook about it which is a more direct and focused attack than merely posting a link to my local news website and their rambling thoughts on my offence. If they get in touch I have almost zero doubt it'll be quite uncivil. Private correspondence between myself and the website owner I have zero issue with. That is fine and that is how companies would typically do it but the UK Database website and Facebook exist purely to air dirty laundry. So I am a little concerned now, to be honest.
|
|
|
|
|
khafka
|
|
Group: Forum Members
Posts: 320,
Visits: 16K
|
+x+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ I can't remember the full wording of the complaint off the top of my head but the main ones that jump are: - No available GDPR information on the website to show how they process information
- No cookie/tracking notification (applicable with the above)
- No recognised data controller who is responsible for ensuring their compliance with GDPR
- The factually incorrect information they posted about myself - Despite the correct information being listed on the website they linked to
- No response to my subject access request despite waiting 3 months and following up with an email after each month (supposed to be about a month)
- Creating an open publicly accessible criminal database which is illegal in the UK
There was a bit more but that should be more than enough.
|
|
|
|
|
Zack
|
|
Group: Forum Members
Posts: 60,
Visits: 4.6K
|
+x+x+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ I can't remember the full wording of the complaint off the top of my head but the main ones that jump are: - No available GDPR information on the website to show how they process information
- No cookie/tracking notification (applicable with the above)
- No recognised data controller who is responsible for ensuring their compliance with GDPR
- The factually incorrect information they posted about myself - Despite the correct information being listed on the website they linked to
- No response to my subject access request despite waiting 3 months and following up with an email after each month (supposed to be about a month)
- Creating an open publicly accessible criminal database which is illegal in the UK
There was a bit more but that should be more than enough.
That is concerning. Under GDPR they are supposed to have consent before they pass on your personal details to another organisation. If you clearly stated that you wanted to remain anonymous, then they did not have consent. The ICO should know better, it's literally their job to promote fair data protection. I can understand if they felt they couldn't progress the complaint without the other party being aware of who made the complaint. If that was the case then they should have told you, and gave you the option to either consent to your name being passed on, or have the complaint dropped. That might be a valid stance concerning the information specifically about yourself, depending on the exact details. However, as you note, you were also complaining about more general violations, such as them making a criminal database. So your identity wasn't valid for those parts of the complaint, and I can't see any reason why the website would need to know who made the complaint. By passing on peoples identity the ICO is essentially undermining the ability of people to make complaints against organistations misusing personal data. It should be obvious to them that a vigilante type website is likely to misuse data.
|
|
|
|
|
J J
|
|
Group: Forum Members
Posts: 141,
Visits: 541
|
+x+x+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ I can't remember the full wording of the complaint off the top of my head but the main ones that jump are: - No available GDPR information on the website to show how they process information
- No cookie/tracking notification (applicable with the above)
- No recognised data controller who is responsible for ensuring their compliance with GDPR
- The factually incorrect information they posted about myself - Despite the correct information being listed on the website they linked to
- No response to my subject access request despite waiting 3 months and following up with an email after each month (supposed to be about a month)
- Creating an open publicly accessible criminal database which is illegal in the UK
There was a bit more but that should be more than enough.
They'd argue that the information they're processing is in the public domain anyway. As for the cookies thing etc yeah you might have a point...W/R to the factually incorrect information, have they taken that information from a factually incorrect story in the first place? Their site is hosted on wordpress, you could try approaching them with a complaint.
|
|
|
|
|
khafka
|
|
Group: Forum Members
Posts: 320,
Visits: 16K
|
+x+x+x+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ - No available GDPR information on the website to show how they process information
- No cookie/tracking notification (applicable with the above)
- No recognised data controller who is responsible for ensuring their compliance with GDPR
- The factually incorrect information they posted about myself - Despite the correct information being listed on the website they linked to
- No response to my subject access request despite waiting 3 months and following up with an email after each month (supposed to be about a month)
- Creating an open publicly accessible criminal database which is illegal in the UK
There was a bit more but that should be more than enough.
They'd argue that the information they're processing is in the public domain anyway. As for the cookies thing etc yeah you might have a point...W/R to the factually incorrect information, have they taken that information from a factually incorrect story in the first place? Their site is hosted on wordpress, you could try approaching them with a complaint. They posted the link and then made a bunch of stuff and assumptions up based on that. Well it all back fired. I'm back trending on the vigilante Facebook as a result. Needless to say they weren't interested in address my complaint. So where do we go from here?
|
|
|
|
|
J J
|
|
Group: Forum Members
Posts: 141,
Visits: 541
|
+x+x+x+x+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ - No available GDPR information on the website to show how they process information
- No cookie/tracking notification (applicable with the above)
- No recognised data controller who is responsible for ensuring their compliance with GDPR
- The factually incorrect information they posted about myself - Despite the correct information being listed on the website they linked to
- No response to my subject access request despite waiting 3 months and following up with an email after each month (supposed to be about a month)
- Creating an open publicly accessible criminal database which is illegal in the UK
There was a bit more but that should be more than enough.
They'd argue that the information they're processing is in the public domain anyway. As for the cookies thing etc yeah you might have a point...W/R to the factually incorrect information, have they taken that information from a factually incorrect story in the first place? Their site is hosted on wordpress, you could try approaching them with a complaint. They posted the link and then made a bunch of stuff and assumptions up based on that. Well it all back fired. I'm back trending on the vigilante Facebook as a result. Needless to say they weren't interested in address my complaint. So where do we go from here? +x+x+x+x+xHey folks. Submitted a complaint about the UK Database to ICO detailing their GDPR rule breaking among other things and I finally have a response. It is basically a nothing response as anticipated. The wording is slightly concerning though... Looks like they might be sending my contact details to them to try and resolve this issue..? Email response: https://i.imgur.com/NT1CSQo.pngDear Mr [REDACTED]
Thank you for submitting a complaint about the way The UK Database has processed your personal information.
The ICO’s role
Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
Your complaint
We have considered the issues that you have raised with us and have written to The UK Database to explain that we expect their organisation to work with you to resolve any outstanding matters.
Next steps
One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available.
In this case, we expect the organisation to explain to you how they have complied with their obligations under the law as comprehensively as possible, including correcting any issues that they have identified or clarifying any areas of misunderstanding.
However, we are aware that the coronavirus pandemic is putting unprecedented pressure on many organisations. Some organisations have told us that they have had to reduce or suspend elements of their information rights practice due to the need to prioritise resources.
During these unprecedented times we must balance upholding important individual rights and protections granted to people by law, alongside recognising the challenges that many organisations, such as those providing a frontline service, face. As a proportionate regulator we will act in a manner which takes account of these circumstances, including how we approach our work
Although we expect the organisation to review your data protection concern as quickly as possible, we would note that it is possible that this may take them longer than usual because of the coronavirus pandemic.
Yours sincerely
Jordan Wright
Case Officer
Information Commissioner’s Office
I've sent a reply expressing my concern for the wording and stating how I don't want the UK Database to get any of my contact information or know that the complaint has come from me (for obvious reasons).
Also what rule do you think they've broken - this is a summary: - Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ - No available GDPR information on the website to show how they process information
- No cookie/tracking notification (applicable with the above)
- No recognised data controller who is responsible for ensuring their compliance with GDPR
- The factually incorrect information they posted about myself - Despite the correct information being listed on the website they linked to
- No response to my subject access request despite waiting 3 months and following up with an email after each month (supposed to be about a month)
- Creating an open publicly accessible criminal database which is illegal in the UK
There was a bit more but that should be more than enough.
They'd argue that the information they're processing is in the public domain anyway. As for the cookies thing etc yeah you might have a point...W/R to the factually incorrect information, have they taken that information from a factually incorrect story in the first place? Their site is hosted on wordpress, you could try approaching them with a complaint. They posted the link and then made a bunch of stuff and assumptions up based on that. Well it all back fired. I'm back trending on the vigilante Facebook as a result. Needless to say they weren't interested in address my complaint. So where do we go from here? You could try reporting it as a crime through your offender manager?
|
|
|
|