ICO update on action taken over nuisance calls
The Information Commissioner's Office (ICO) has reported that last year it received 166,665 complaints concerning unsolicited cold calls. The regulator fined ten companies a total of nearly £1m in 2015 and expects to issue a further £1m in fines before the end of the financial year. They report on their work with other regulators like Ofcom and work with local government trading standards team to pursue culprits. The ICO is taking a firm stance against nuisance calls and has its eye set on this and other areas such as privacy notices and third party marketing.
The ICO have also highlighted work undertaken to pursue companies based abroad. If they can trace spam or unwanted calls to countries in the European Economic Area, they will pass on evidence to the regulator based in that country. It can be seen that, with the amount and frequency of fines gradually increasing, the ICO is cracking down on offenders and is taking its role as a regulator very seriously in enforcing fines.
The ICO has published detailed guidance for companies carrying out marketing – explaining their legal requirements under the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR). The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax. Companies are advised to revise this guidance.
To see the full statement click here
ICO issues guidance on WiFi analytics
The Information Commissioner's Office (ICO) has issued new guidance setting out how operators of WiFi networks can use location and analytics information in order to comply with the Data Protection Act 1998. It aims to help data controllers to promote good practice and fully understand their obligations.
Recommended practices include:
- conducting a privacy impact assessment
- defining purposes – organisations need to be clear why they are collecting personal data and what they intend to do with it
- being clear and transparent – individuals should be notified
- removing identifiable elements – remove unnecessary privacy risks
WiFi networks are seen as a gray area as many people do not fully understand what kind of data they are transmitting via WiFi, what can be seen, who can access it and the security in place. Often people access WiFi networks on the go, not realising that other people can potentially hack into their laptop, tablet or phone. Further to this with the onslaught of LocationBased Services, people are forever "checking in" to restaurants, bars etc making tracking almost a part of day to day life. Personal data obtained over Wi Fi needs to be protected. This guidance is a much needed addition to the ICO's catalogue and provides clear guidelines on how to protect individuals accessing a WiFi network.
The guidance can be viewed here
EDPS gives opinion on EUUS Umbrella Agreement
Giovanni Buttarelli, The European Data Protection Supervisor (EDPS), has published his Preliminary Opinion (1/2016) on the text of the EUUS 'Umbrella Agreement', set up to allow the transfer of personal data from the EU to the US government for law enforcement. This agreement is separate from, but needs to be considered in conjunction with the 'Privacy Shield' agreement on the transfer of personal information in a commercial context.
Mr Buttarelli expresses his support for the agreement, but has concerns including the effectiveness of judicial redress, the prevention of bulk transfers of personal data and ensuring any safeguards apply to everyone protected under the Charter of Fundamental Rights, not just EU citizens.
The full text of EDPS Opinion 1/2016 can be found here
REST OF THE WORLD
Facebook and Twitter support over phone encryption fight with FBI
The Guardian reports that Facebook and Twitter have lent their support in the legal battle with the FBI, which is attempting to gain access to the encrypted phone information of one of the San Bernardino mass shooting killers. The FBI has said that they aren't able to break into the phone of Syed Farook due to the security measures on the device and a Federal magistrate has ordered the creation of a software update to help them gain access to the phone. Technology companies have concerns over the precedent this may set.
This comes in the wake of a series of attempts by the FBI and US Justice department to force tech companies to turn over (in real time) text messages from their users. These requests have been rebuffed time and time again. There is heightened corporate resistance by American technology companies who are intent on demonstrating that they are trying to protect customer information. The US Justice department and FBI officials have been frustrated that the White House has not moved more quickly or been more outspoken in the public relations fight that the tech companies appear to be winning. Support has been given by a number of Republican presidential candidates for an increase in government surveillance. CIA Director John Brennan and several other officials are piling on the pressure and propose a backdoor algorithm which permits encrypted information to be decoded by the government. This has been faced with a fierce opposition from the tech companies who view it as having dire consequences such as exploitation by hackers and increased terrorism. In the wake of the Paris attacks, the debate around decoding encryption for national security versus right to a private life has gained momentum. Whilst terrorism needs to be counteracted, a balance needs to be struck. By decoding this type of encryption, you are potentially unlocking millions of people's data. A mobile phone is no longer just a phone, you can use it to bank, to communicate, to shop, keep track of your fitness, use location based services, access dating apps, access social media and much more. It is a hub of personal data and although this might assist in an investigation it can also be used to assist terrorism if it gets into the wrong hands.
Facebook said in a statement:
"We condemn terrorism and have total solidarity with victims of terror. Those who seek to praise, promote, or plan terrorist acts have no place on our services.
"However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would create a chilling precedent and obstruct companies' efforts to secure their products."
The full Guardian article can be found here