Thoughts from an active pensioner who is now somewhat past his Biblical "Use-by date"

"Why just be difficult, when with a little more effort you can be bloody impossible?"

Monday, 7 August 2017

Data Protection Bill

There is a proposal to create new "Right to be forgotten Laws".
To quote the Daily Mail:
We users will be able to force social media firms to delete their personal information under new ‘right to be forgotten’ rules unveiled by the government.
The Data Protection Bill will make it simpler for people to control how companies use their data, with extra powers for the information watchdog to issue fines of up to £17million.
Under the plans, individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased.
Sounds great, but I suspect that the data will still remain somewhere on the web even if it is removed from places like Facebook, etc.  I subscribe to the view that if you voluntarily put personal data on the web, as distinct from supplying it to an organisation for a specific purpose, it is your own fault if someone misuses it.
There are, of course, other problems with such a law. There are laws requiring that certain organisations, such as banks, retain all personal information and it could not be deleted even if requested by the customer. How, for example, would they be able to check all the PPI claims if they'd deleted their data? I suspect this will end up as another fiasco,  as with so much recent legislation.
One thing that I would like to see banned are organisations who retain your credit card number even once the transaction has been completed. If you want to buy anything from Amazon you have to open an account and, of course, provide your credit card number for the purchase. Fair enough, but they retain the information "for your convenience" so that next time you want to buy something, the card number pops up automatically. It might be "convenient", but if they are hacked and someone gets my card number, it is I who would have all the hassle. I'd much prefer to enter my card number anew for each transaction.
As an aside, about ten years ago, I bought something from a site which, in addition to my address and credit card number, wanted other information such as my date of birth. As this had no relevance for the transaction, I put in  1 Jan 1901 (the earliest date their system would accept). At the start of this year I got an automated e-mail from the company congratulating me on my 116th birthday! I wonder how long this will go on for!

Incidentally the BBC ran a piece about this proposed legislation on their web site. I tried to register to leave a comment, but one of the first things they asked for is my date of birth. They claim to want this in order that they can analyse their users by age! They don't need your exact date of birth to do that, the year of birth would be more than sufficient for analysis. I've recently completed a questionnaire from the local council about a proposed development and they asked for one's age in 5 year blocks which I was happy to provide. But the actual date? Clearly the BBC is one of the offenders demanding and retaining unnecessary personal information.

As for "Fines of up to £17million, I assume that they will all go to the government rather than to the people whose data was wrongfully retained. It would be far too much to expect anything else!