Quote:
Originally Posted by lucevans
That worries me, Alexander. Phorm think they've covered themselves by offering an "opt-out" which, if chosen, (allegedly) means that they "won't use that data for anything else."
We suspect that our data will still pass through the profiler even if we've opted-out, but they promise not to record that profile information anywhere, transmit it to anyone, or use or for anything (remember people, this is an ex-spyware company...) so they haven't breached the law as you've outlined it above.  |
I think you may be confusing RIPA and DPA here: DPA has the provisos about using the data. Under RIPA the simple act of interception without warrant or explicit consent is illegal. We could be sending a random stream of 1s and 0s, as soon as they send this to the profiler, even if they instantly discard everything from memory, without consent, constitutes an illegal interception - the use they are putting this data to (unless is is required to operate the communications system, which is not the case) is irrelevant.
Under DPA they may have a get-out under "no personally identifiable material" is recorded, transmitted or used. However one of the lawyers on the Channel 4 piece yesterday pointed out that the very act of "anonymising" the datastream
was processing personal information. You can't remove personal information from a stream without looking at it and ignoring it, which can be (and will be) argued as processing.
It's important to keep the distinctions between the DPA and the RIPA in mind. As far as I can see, Phorm is illegal under RIPA, and only arguably legal under DPA.