ICO ponders its future funding strategy

The ICO’s latest paper on its future funding strategy shows how far its thinking has developed. (Not far.) A paper presented to the ICO’s Audit Board last month reports that it has now established a steering group to produce a short business plan.

Assessing who should register is fraught with difficulty, given the fact that there is no definitive list of businesses and even within established categories, it isn’t always possible to identify how many process data and need to notify. Also, businesses are constantly in flux, changing names, going out of business, merging etc.

Finally, given how few non-registration prosecution cases are mentioned in each ICO Annual Report, perhaps there’s not much of an incentive for those at the dodgy end of the compliance market to register in the first place. 

The new steering group will commission further research to enable the ICO to:

• Better understand the profile of the current register;
• Estimate the number of registerable data controllers (to give the ICO an idea of how large the public register might be if it achieved close to full coverage; and
• Forecast future fee levels based on the expected size of the register.

You might have thought that such research would have been carried out years ago. But there’s nothing like good research to ensure that proper evidence-based decisions are made.

The steering group is also tasked with:

• Establishing a process to review all data controllers leaving the public register;
• Engaging with particular sectors that appear to have a lower level of registration than ought to be the case; and
• Establishing a process to refer miscreants to the ICO’s enforcement team.

Setting the right fees are important, as if the ICO receives more in income than it spends on DP, the balance has to be remitted to the Treasury. Fee income for 2014/15 was £1.2m more than the original forecast. If not spent by the ICO, it's money down the drain.  It's as if a Civil Monetary Penalty had been levied on all UK data controllers – but for no good reason at all.

The paper makes an interesting observation about the percentages of  the number of organisations that need to register that the ICO think will be registered each year: “This needn’t be a global figure. For example it could be 100% for elected representatives, 95% for law firms and a lower figure for general business.”

I’d love to know what percentage of estate agents the ICO estimates might register. Not that high, I suspect.

In the 1950s, TV detector vans (see today’s image) began to appear as part of a Government strategy to encourage people to buy a TV licence. Will we see equivalent “ICO detector vans” patrolling our streets to encourage recalcitrant data controllers to register in a few years time? 

I wonder.

Source:
https://ico.org.uk/media/about-the-ico/minutes-and-papers/1431895/20150608-acmeeting-information-paper-on-registration-fee-strategy.pdf

.

£100 & £500 fees for DP & FOI Tribunal appeals

With little fanfare, and at the start of the summer holiday season, the Ministry of Justice has published its response to an earlier consultation paper on enhanced fees for divorce proceedings, possession claims, general applications in civil proceedings and is now consulting on proposals for further fees.

[Yawn.]

Until you realise that, tucked away in paragraphs 124-127, is the proposal to introduce fees for proceedings in the First-tier Tribunal (General Regulatory Chamber).

This chamber deals with a range of regulatory matters, eg those concerning charities, consumer credit, gambling, transport and appeals from decisions of the Information Commissioner.  Currently the only fee income is generated from appeals in relation to gambling licences.

In 2013-14 the estimated cost of the General Regulatory Chamber was £1.6m. The fee income generated from gambling licence appeals was £11,600. The MoJ plans to increase the Chamber's fee income to £350,000 by levying new fees.

The proposal is to charge a fee of £100 to issue proceedings, which would entitle the claimant to a decision based on a review of the papers. The claimant may alternatively elect for an oral hearing, in which case a further fee of £500 would be payable. Based on current volumes, the MoJ estimates that this proposal would generate a cost recovery percentage of around 17% after remissions.

The fees will also apply to “reference” cases where cases are started in the first-tier Tribunal but have to be referred directly to the Upper Tribunal for a first instance hearing.

What is not known is what impact this will have on justice. When fees for referrals to employment tribunals were introduced, the volume of referrals to the tribunals collapsed. Will this move deter a similar percentage of unhappy DP complainants? Given the extremely low volume of DP cases that are currently referred to the Tribunal, it may be some time before this becomes evident.

I suspect that, given the relatively high number of FOI cases that are referred to the Tribunal, we’ll soon learn what effect the introduction of fees will have here.

Will fees really deter claimants who passionately believe in the strength of their case, but lack the funds to place their £100 / £500 punt? I doubt it. Already I’ve seen one consultant tweeting that he’ll stump up the £100 fee for four cases himself – so if the market wants it, there ought to be a safety valve for complainants who are financially stretched.

But fewer appeals to the Tribunal would mean less work for the ICO (with a consequential impact on staffing levels) and on the demand for highly skilled legal advice from our chums at 11 Kings Bench Walk.

The MoJ is inviting comments on this proposal by the end of the summer holiday season (15 September).

So, take a break from your well-earned summer holiday write to the MoJ if you really feel passionately about the matter.

Source:

https://consult.justice.gov.uk/digital-communications/further-fees-proposal-consultation/supporting_documents/enhancedfeesresponseconsultationonfurtherfees.pdf

.

How can we can WhattsApp spam?

I’ve just started to receive emails from an organisation that develops WhattsApp marketing campaigns for data controllers. They’re so keen to explain that it's the latest “cost-effective way to drive more business. With 96% open rate and 10 times response rate than emails, WhatsApp marketing appears as the new game changer.  WhatsApp is the best mode for text messaging because: WhatsApp is free, runs on any mobility platform, is used by millions worldwide, and supports text, audio and video.”

The blurb breathlessly continues: “Our WhatsApp marketing campaigns are customized as per your business needs. You can now broadcast your business text message to your targeted customer base wherever they are. Direct and efficient messaging like never before. Whether you want to increase your business or willing to attract new prospects, our WhatsApp marketing plan will help you to do so. Let's develop a professional brand identity with WhatsApp.”

The blurb almost mentions the privacy issue: “Our WhatsApp bulk messaging plans are meant to communicate your business message to highly targeted group who are interested in your business. Our bulk messaging plans are backed with range tools to track and manage your message campaigns.”

But, given the extremely low cost of sending WhattsApp messages, I wonder how long it will be before the less privacy-minded organisations embark on direct and intrusive marketing campaigns that will make me question the utility  of the WhattsApp platform for messaging in general.

Given the wide range of other communication platforms in current use, our WhattsApp chums are going to need to monitor these WhattsApp marketing initiatives pretty carefully, in case they irreparably tarnish WhattsApp’s (current) great image.

. 

Peeping into secret directions

In his latest report, the Interception of Communications Commissioner has shed more light on the workings of a secret piece of legislation than has any other public official at any time during the past 30 years.

Students of telecommunications law will scan with considerable interest the few pages he’s devoted to Section 94 of the Telecommunications Act 1984, which enables ministers to give secret directions to Communication Service Providers.

Section 94 provides that “the Secretary of State shall lay before each House of Parliament a copy of every direction given under this section unless he is of opinion that disclosure of the direction is against the interests of national security or relations with the government of a country or territory outside the United Kingdom, or the commercial interests of any person. Section 94(5) states that a person shall not disclose, or be required by virtue of any enactment or otherwise to disclose, anything done by virtue of this section if the Secretary of State has notified him that the Secretary of State is of the opinion that disclosure of that thing is against the interests of national security or relations with the government of a country or territory outside the United Kingdom, or the commercial interests of some other person.”

No details on what directions have been issued, or indeed if any have ever been withdrawn, are publicly available. For the first time, Sir Anthony May explains that his office had previously provided limited oversight in respect of one set of Section 94 directions, but the report offers no indication as to whether other sets of directions still exist.

Sir Anthony’s comments are helpful in that the public now knows that directions can: “be given by any Secretary of State and do not automatically expire after a certain period. There does not appear to be a comprehensive central record of the directions that have been issued by the various Secretaries of State.”

Accordingly, Sir Anthony recommends that future legislation should require his office (or successor oversight body) to be informed about all existing directions in order that they can be properly overseen. While law students may have assumed that Home Office ministers would have been aware of all directions that had been imposed on Communication Service Providers, Sir Anthony’s comment raises the intriguing possibility that, say, Foreign Office ministers might well have issued directions to assist the work of MI6, without necessarily telling the Home Office ministers who were responsible for overseeing the work of MI5.

The relevant Communication Service Providers could then have been placed in the invidious position of providing various services for different intelligence agencies, trying really hard not to tip each agency off about what they were doing for another agency. If this sounds like the plot of a French farce, you’re not mistaken.

I suggest that, in addition to the comprehensive central record of all directions being held by the Interception of Communications Commissioner, all directions should also be formally reviewed at 6 monthly intervals. This would at least remind ministers that they were accountable for ensuring that is was still necessary for the directions to be in place, and for their existence to remain a secret.

As this is Sir Anthony’s last report before stepping down, I want to record my appreciation for the way he has permitted his officials to put their heads above the IOCCO parapet and engage with the public in a much more open manner than was considered appropriate by previous Commissioners. I do hope that his successor will have a similar view as to the public role his officials should play. The IOCCO is seen as an effective regulator, winning respect from a wide range of privacy champions.

Let’s wish that the good work will continue, by the IOCCO or whatever successor organisation is created to oversee the surveillance community. 

Source:

http://www.iocco-uk.info/docs/2015%20Half-yearly%20report%20(web%20version).pdf

.

Publishing pictures of celebrities - the paparazzi have more rights than the police

When is it (generally) inappropriate to publish pictures of celebrities in public places? It's fine to publish them if you’re a media organisation, but not if you’re a law enforcement body.

Why?

Because the DPA requires data controllers to restrict their processing activities to those activities that the data controller has registered with the ICO. Newspapers, by their very nature, process personal data for journalistic purposes. This is not a purpose that law enforcement bodies have previously declared.

In accordance with our data protection laws, it can be appropriate for newspapers to publish pictures of celebrities in public places, particularly when the celebrities are currently promoting shows that feature themselves. So, the recent pictures of Messrs Clarkson, Hammond & May, currently touring Australia with their motor show, leaving an Australian Airport, are fair game because they were taken by the paparazzi. But, recent pictures of Michael Mcintyre, currently promoting his UK comedy tour, leaving the Capital Radio studios in London’s Leicester Square, are not fair game, because they were taken and published by the police.

It's a funny old world. I assume the officer who thought it would be fun to publish Michael Mcintyre’s picture on the National Police Air Support Unit’s Twitter account had no idea how the privacy Taliban would react. Well, that officer does, now.

The Surveillance Camera Commissioner and the Information Commissioner have both waded into the debate, so we can be confident that the National Police Air Support Unit will be tweeting fewer pictures of celebrities in future.

But all is not lost. The paparazzi will continue to be out in force, and a grateful public will still be able to feast their eyes on snaps of celebrities who, often working hand-in-hand with the paps, provide arresting images of themselves.

Sources:

http://www.dailymail.co.uk/tvshowbiz/article-3162499/Jeremy-Clarkson-touches-Perth-James-Richard-Hammond-prepare-Australian-leg-live-shows.html
http://www.bbc.co.uk/news/magazine-33535578

.