Go Back  PPRuNe Forums > PPRuNe Social > Jet Blast
Reload this Page >

GDPR shenanigans

Jet Blast Topics that don't fit the other forums. Rules of Engagement apply.

GDPR shenanigans

Old 25th May 2018, 22:08
  #1 (permalink)  
Thread Starter
 
Join Date: Oct 2002
Location: West Wiltshire, UK
Age: 67
Posts: 369
GDPR shenanigans

Like many, I suspect I'm not alone in getting a bit fed up with having a flood of emails from companies/organisations that I often can't remember having dealt with pop into my inbox over the past few days. With one notable exception, they have all stated that I need to positively confirm to them that I agree to them holding my details, and if I don't they will be deleted. I personally think this is great; loads of companies/organisations will be forced to stop holding my details without my explicit consent (with one apparent exception).

Who do we think might be the organisation that I believe is ignoring the intention of the GDPR, but notifying me that unless I specifically ask them to remove my details, they will retain them?

The Conservative and Unionist Party...

A couple of years ago I emailed my (Conservative) MP, as a constituent. He replied, and was generally helpful, but then added my email address to a Conservative party mailing list. TBH, it's general not pissed me off too much until now, as the newsletter letting his constituents know what he's doing is informative, when passed through the appropriate bullshit filter.

Am I wrong in thinking that the Conservative and Unionist Party should be acting like everyone else, by removing my details from their database unless I explicitly choose to opt in?

I'm tempted to pass their email on for a legal opinion, as I believe that they are failing in their duty to properly comply with the GDPR. I'm also mildly annoyed that my MP passed my personal details on to party HQ (as it is them that have emailed me today) when I wrote to him, via email, regarding a personal matter, as my MP.
VP959 is online now  
Old 25th May 2018, 22:18
  #2 (permalink)  
 
Join Date: Feb 2005
Location: UK
Age: 81
Posts: 699
I get the feeling that if they send you an email and you don't respond, then in some clever way this gives them the right to keep your details and continue sending rubbish emails.
I am now getting loads every day, clicking on 'unsubscribe' doesn't stop them iether.
funfly is offline  
Old 25th May 2018, 22:26
  #3 (permalink)  
Thread Starter
 
Join Date: Oct 2002
Location: West Wiltshire, UK
Age: 67
Posts: 369
From what I've read so far, the fines that can be levied against any company/organisation that deliberate chooses not to comply with the GDPR are pretty massive. I also believe that these GDPR notifications are supposed to be worded so that unless you positively act to agree to them holding your details, they are obliged to delete them.

Apparently, the Conservative and Unionist Party seem to believe that they can get away with sending out emails, and if YOU don't respond they have the right to retain your personal details. My understanding is that this is not compliant with the GDPR, and if so, I intend to try and take action against them for a breach of the regulations, primarily because I suspect they are just choosing to ride roughshod over these regs.
VP959 is online now  
Old 25th May 2018, 22:27
  #4 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,431
Originally Posted by VP959 View Post
Am I wrong in thinking that the Conservative and Unionist Party should be acting like everyone else, by removing my details from their database unless I explicitly choose to opt in?
Difficult to say, not least because there are special rules for political parties, so you'd need someone up in those particular political party specific wriggles of the law. My party was sending out opinions and instructions from the centre to local parties as late as yesterday, with their current interpretations of the law, which may or may not turn out to be correct once we've got some case law.

Part of the problem is that royal assent was only two days ago, which is not a lot of time to get final definitive views from lawyers as to what the law actually means. Bit of a mess really.
Gertrude the Wombat is offline  
Old 25th May 2018, 22:28
  #5 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,431
Originally Posted by VP959 View Post
I also believe that these GDPR notifications are supposed to be worded so that unless you positively act to agree to them holding your details, they are obliged to delete them.
Guess what: it's lots more complicated than that.
Gertrude the Wombat is offline  
Old 25th May 2018, 22:34
  #6 (permalink)  
 
Join Date: Jan 2007
Location: EU
Posts: 1,218
I had a phone call from a local Audi garage asking me if they could keep my details. They asked for my email address so they could send me the link by which I could opt out. I thought it peculiar that I needed to provide contact details so that I could opt out of them contacting me. So I said no.
Mikehotel152 is offline  
Old 25th May 2018, 22:47
  #7 (permalink)  
 
Join Date: Aug 2000
Location: No longer in Jurassic Park eating Toblerone....
Posts: 2,652
The whole problem dies in 1 hour and 14mins as the cutoff is midnight tonight!
LowNSlow is offline  
Old 26th May 2018, 03:12
  #8 (permalink)  
 
Join Date: Jun 2011
Location: New Zealand
Posts: 166
I have been receiving these GDPR types of e-mails as well and I live in New Zealand. I have also been getting
numerous e-mails that aren't from the companies whom they say that they are so I just mark the whole lot as
spam. This second lot all want me to enter a 30 second survey, yeah rite that's going to happen.
Nervous SLF is offline  
Old 26th May 2018, 07:59
  #9 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 10,791
Originally Posted by Nervous SLF View Post
I have been receiving these GDPR types of e-mails as well and I live in New Zealand. I have also been getting
numerous e-mails that aren't from the companies whom they say that they are so I just mark the whole lot as
spam. This second lot all want me to enter a 30 second survey, yeah rite that's going to happen.
You do realise that if you don't respond to all those emails, the world will come to an end? Or something.
DaveReidUK is offline  
Old 26th May 2018, 08:08
  #10 (permalink)  
 
Join Date: Feb 2008
Location: UK
Age: 62
Posts: 147
the dvla and the government gateway has not asked my to confirm my data - funny that -nor has HMRC - its all a scam
rog747 is offline  
Old 26th May 2018, 09:43
  #11 (permalink)  
Thread Starter
 
Join Date: Oct 2002
Location: West Wiltshire, UK
Age: 67
Posts: 369
Originally Posted by rog747 View Post
the dvla and the government gateway has not asked my to confirm my data - funny that -nor has HMRC - its all a scam
Interestingly, they haven't asked me to confirm the data they hold either, neither has my (government) pension provider, although insurers, banks and every other Tom, Dick and Harry seem to be emailing me, even companies that I can't remember having ever dealt with. I suspect that a a few of these GDPR emails may well be deliberate data collection scams; just spam emails sent out in order to try and get a response.

Frankly I can't see how on earth the GDPR is going to have the slightest effect on the crooks; they already spoof where their emails come from so they are hardly likely to start complying with a bit of EU legislation. Looking at the immediate impact I'd say the damned regulations are just going to prove to be a PITA for honest companies and organisations, and consumers, whilst have zero impact on the real crooks and nuisance email generators.
VP959 is online now  
Old 26th May 2018, 12:21
  #12 (permalink)  
 
Join Date: Jan 2018
Location: UK
Posts: 1
It's pretty much a waste of time, most websites track at much lower levels and have code that attempts to identify (usually succesfuly) individual devices from MAC address.
It is impossible to police what websites do with the harvested data, there is absolutely no anonymity or privacy on the Internet unless you operate mobile and throw away/destroy your mobile hardware at regular intervals

If you think using Tor and clearing your cache will hide you, well............
Gault is offline  
Old 26th May 2018, 18:32
  #13 (permalink)  
Resident insomniac
 
Join Date: Aug 2005
Location: N54 58 34 W02 01 21
Age: 75
Posts: 1,859
Does this GDPR apply to keeping telephone numbers so that they can telephone you more than a decade after they acquired it and invite me to take part in a lifestyle survey that will earn me extra unsolicited calls from companies offering services that I don't want? - or will all that now cease?
G-CPTN is offline  
Old 26th May 2018, 19:37
  #14 (permalink)  
 
Join Date: Oct 1999
Location: Swindon, Wilts,UK
Posts: 563
Originally Posted by G-CPTN
Does this GDPR apply to keeping telephone numbers so that they can telephone you more than a decade after they acquired it and invite me to take part in a lifestyle survey that will earn me extra unsolicited calls from companies offering services that I don't want? - or will all that now cease?
According to the online course that we all had to do at work last week it applies to all data which includes digital data, stored e-mails, paper records, phone numbers and photos. Apparently GDPR is meant to control the use of personal data.
This data is meant to be managed and used in an appropriate and time limited manner. After the use that you consented to has come to an end the data is supposed to be securely destroyed.
Organisations can be fined for breeches which can be inappropriate use, loss, insecure handling, inaccurate recording of data and improper deletion of data.
Breeches of sensitive data such as medical records, criminal records or that which could cause detriment to an individual can lead to fines of up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.
For Breeches of non sensitive data it is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.
Individuals have a right to request organisations to reveal the data held about them and there are deletion rights for certain data.
It's a legal mine field so no wonder everybody's flapping about it.
Windy Militant is offline  
Old 26th May 2018, 19:38
  #15 (permalink)  
TWT
 
Join Date: Apr 2008
Location: troposphere
Posts: 690
It's pretty much a waste of time, most websites track at much lower levels and have code that attempts to identify (usually succesfuly) individual devices from MAC address
Websites can't see your MAC address. However, they can see your 'browser fingerprint' which is fairly unique for most people..
TWT is offline  
Old 26th May 2018, 19:39
  #16 (permalink)  
 
Join Date: Feb 2016
Location: Southport
Posts: 1,071
I've just received an email from a Nigerian prince. He hasn't got any fortunes for me at the moment, but he'd like to know if I'd still like to receive his emails about future fortunes after 25th May...
andytug is offline  
Old 26th May 2018, 21:05
  #17 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,431
Originally Posted by TWT View Post
Websites can't see your MAC address.
Possibly. Depends what code they run on your device, and whether it's got some means of detecting the MAC address.
Gertrude the Wombat is offline  
Old 27th May 2018, 10:30
  #18 (permalink)  
 
Join Date: Feb 2007
Location: Currently within the EU
Posts: 318
Organisations can be fined for breeches which can be inappropriate use,
Next time I see someone wearing their trousers on their head, I'll call the Information Commissioner's Office.
​​​​​
Sallyann1234 is offline  
Old 27th May 2018, 12:16
  #19 (permalink)  
 
Join Date: Oct 1999
Location: Swindon, Wilts,UK
Posts: 563
Organisations can be fined for breeches which can be inappropriate use,
Damn it I missed that when I proof read, I wonder how many* prosecutions will occur due to auto correct .





* someones taking the mictric, it took me three attempts to get many instead of any!

Last edited by Windy Militant; 27th May 2018 at 12:24. Reason: bloody auto correct.
Windy Militant is offline  
Old 27th May 2018, 13:13
  #20 (permalink)  
 
Join Date: Nov 2013
Location: Somerset
Posts: 76
My understanding is that you must positively opt-in. Negative opt-outs and pre-filled ticked boxes are no longer acceptable ways to gain consent to use data. You can now request the data that an organisation holds about you (no charge can be made) and you can demand they delete it all and prove that they have done so. Exemptions exist for legal, financial records and of course, Government.
Blackfriar is offline  

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.