PL&B UK E-news, Issue 72

1. ICO lobbying hard for new data protection sanctions

The Information Commissioner’s Office (ICO) is shooting with all guns to retain Clause 76 of the Criminal Justice and Immigration Bill, which will introduce a custodial sentence for a Data Protection Act offence for the first time. The Bill, which is currently going through Parliament, will give courts the power to give custodial sentences for those convicted of existing offences of buying or selling personal data.

Thomas said on 1 April: ‘I am pleased that Government is now taking data protection, and the need to prevent security breaches, more seriously. But there have been powerful last-ditch efforts to get clause 76 removed from the Criminal Justice and Immigration Bill. There has been widespread support for the government’s decision to strengthen the law and – if data protection is to be taken seriously - it is vital that the government and other parties should stand firm against any possible amendments. I am determined to stop the pernicious illegal market in personal information which our reports exposed.

The Bill had its report stage debate in the House of Lords on 26 March, and
the final debate in the Lords is scheduled for 30 April.

2. Heathrow’s use of biometric data temporarily stopped by ICO

The system of biometric identification used by Heathrow airport’s new Terminal 5 is being investigated by the Information Commissioner (ICO). The airport fingerprinted domestic and international passengers, as well as digitally photographing them as they entered the passenger lounge. In order to avoid domestic passengers boarding international flights, passengers were matched up with these details when entering the aircraft.
According to the airport company, BAA, the biometric data is needed to ensure that passengers do not swap tickets once in the departure lounge. BAA said that details will not be passed on to other authorities, and will be destroyed at the end of each day.

BAA soon changed its tune after having had a meeting with the Information Commissioner and the Border and Immigration Agency. Its statement said that the introduction of fingerprinting technology would be temporarily delayed, and they would resort to using the existing technology based on photographic identification.

Deputy Information Commissioner David Smith said on 24th March: "If we find there is a breach of data protection legislation we would hope to persuade them to put things right. If that is not successful we can issue an enforcement notice. If they don't comply, it is a criminal offence and they can be prosecuted."

3. ASA tells bank to respect opt-out

Direct mail from ING N.V to opt-out customers goes against the CAP Code, says Advertising Standards Association (ASA). The marketing letter, sent together with a newsletter, prompted customers to get in touch if they want to reverse their opt-out.

The ASA ruling states: We considered that, by ticking the opt-out box on the application form, customers would expect to receive no communications at all from ING Direct about their other products and services; those customers were likely to interpret the receipt of an ING Direct promotional newsletter, accompanied by a letter that stated "We currently have you recorded as having opted out from receiving marketing promotions from ING Direct", as ING Direct being aware of, yet ignoring, their wishes.

The advertisement breached CAP Code clause 43.2c (Database practice).The company was ordered not to send any marketing communications to customers who have opted out.

See the ruling of 5 March 2008.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2008