Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 27-03-2008, 15:31   #1819
popper
Inactive
 
Join Date: Jan 2006
Posts: 3,270
popper has a bronze arraypopper has a bronze arraypopper has a bronze array
popper has a bronze arraypopper has a bronze arraypopper has a bronze arraypopper has a bronze arraypopper has a bronze arraypopper has a bronze array
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Quote:
Originally Posted by ceedee
So, aiui, flowrebmit is asking what if the ICO is convinced that the data VM pass to Phorm really *is* sufficiently anonymised? Ie. outside the scope of the DPA? (That's close enough in summary, flowrebmit?)
Quote:
Originally Posted by flowrebmit View Post
Erm Sort of, it's whether any elements of our IP data traffic, passing through the Phorm/ISP profiling equipment, is treated as personal data by the DPA?

Many of us will know we have, at times, personal data travelling in an unencrypted IP data stream, but does the Act cover that, or is it only concerned with personal data that we explicitly give to an organisation that they use?
CeeDee, before any personal data '*is* sufficiently anonymised' it has to be collected (there it is again) and processed, and so is always inside the scope of the DPA at that point.

and also why Phorm have seen fit to so called 'Gift' the collecting,processing,profiling, and finally anonymising kit/sw to the ISPs.

its a loophole they know they can slip through ,passing the legal/DPA responsibility to the other guy.

flowrebmit,you give your ISP (or any *companys dealing with your personal data) the right to collect, process and export out of the country all your data as a generic term/clause in your T&C, it has to be there, or they dont have any rights to deal with your data, ever.

you can send a registered DPA Notice at any time to override that generic consent term and instruct them how they may or not use your data from that point on.

IF you dont send that DPA Notice, then the ISP will try and use that generic T&C consent you have given them to justify sending any of your potentially personal data to their cash generators including Phorm Kit.

send your DPA Notice instructing them to stop collecting, processing, storing or exporting my personal data, and they must stop.

although sending such a blunt instruction means that they cant then reasonably be expected to process your data to supply and bill you for the service your paying for.

in effect, you terminate the contract and so are subject to REASONABLE termination fees.

however, if you stick to the generic, you will not collect process,store or export my data except in the very strict basic supply and billing of my contracted services, then your not proventing or restricting them from the basic supply or billing
as per contract, and so not terminating the contract, see the fine line?

and that would stop them sending your personal data (remember the EU DC IP is your PD also) to any internal Phorm kit, but its always better to expressly forbid sending to any Phorm or simular profiling electronic device to be sure.

rememeber, the DPA covers all aspects of your personal data, if you dont want your contracted company to do this or that do that to it, tell them in the official registered post DPA Notice.

and they MUST Comply (and send you by return post, the actions they took to comply with said Notice) or face a Non-Compliance action, and potentially have their DPA licence revoked and other sanctions, NO licence, No way to process your electronic bill data.

*any UK (and potentially any EU) company thats collecting processing,storing or exporting your personal data THAT IS NOT EXPLICITLY under a contract with you is stuffed.
popper is offline