
Reader Comments (8)

Posted: Apr 7th 2009 4:49PM (Unverified) said

  • 1 heart
HA LL have no chance,
Data may only be used for the specific purposes for which it was collected.

Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.

Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).

Personal information may be kept for no longer than is necessary. (Kept up to date)

Personal information may not be transmitted outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.

Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.

Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).

Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion)

The Data Protection Act covers any data which can be used to identify a living person. This includes names, birthday and anniversary dates, addresses, telephone numbers, fax numbers, email addresses and so on. It applies only to that data which is held, or intended to be held, on computers ('equipment operating automatically in response to instructions given for that purpose'), or held in a 'relevant filing system'.

It should be noted that an ordinary paper diary can be classified as a 'relevant filing system' if it can be demonstrated that the diary is used to support commercial activities (for example, a salesperson's diary).

Posted: Apr 7th 2009 3:39PM (Unverified) said

  • 1 heart
s'more info on the uk data protection act


The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store or collect personal data.

The person who has their data processed has the right to[2]

View the data an organisation holds on them, for a small fee, known as 'subject access'[3]

Request that incorrect information be corrected. If the company ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded.[4]

Require that data is not used in a way which makes damage or distress.[5]

Require that their data is not used for direct marketing.[6]

Data protection principles
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met, and in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Personal data shall be accurate and, where necessary, kept up to date.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Personal data shall be processed in accordance with the rights of data subjects under this Act.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Conditions relevant to the first principle
Personal data should only be processed fairly and lawfully. In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data.

The data subject (the person whose data is stored) has consented ("given their permission") to the processing;

Processing is necessary for the performance of a contract (any processing not directly required to complete a contract would not be "fair");

Processing is required under a legal obligation (other than one stated in the contract);

Processing is necessary to protect the vital interests of the data subject's rights;

Processing is necessary to carry out any public functions;

Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).

Exceptions
The Act is structured such that all processing of personal data is covered by the act, while providing a number of exceptions in Part IV.[1] Notable exceptions are:

Section 28 - National security. Any processing for the purpose of safeguarding national security is exempt from all the data protection principles, as well as Part II (subject access rights), Part III (notification), Part V (enforcement), and Section 55 (Unlawful obtaining of personal data).

Section 29 - Crime and taxation. Data processed for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of taxes are exempt from the first data protection principle.

Section 36 - Domestic purposes. Processing by an individual only for the purposes of that individual's personal, family or household affairs is exempt from all the data protection principles, as well as Part II (subject access rights) and Part III (notification).

Offences
The Act details a number of civil and criminal offences for which data controllers may be liable if a data controller has failed to gain appropriate consent from a data subject. However 'consent' is not specifically defined in the Act; consent is therefore a common law matter.

Section 55 - Unlawful obtaining of personal data. This Section makes it an offence for people (Other Parties), such as hackers and impersonators, outside the organisation to obtain unauthorised access to the personal data.[7]

Section 56 - This section makes it a criminal offence to require an individual to make a Subject Access Request relating to cautions or convictions for the purposes of recruitment, continued employment, or the provision of services.[8] As of 2007 this section has not yet been enabled.[9] According to the government, this section will not be enabled until the Criminal Records Bureau is providing a 'basic disclosure' service.[10] The provision of a basic disclosure service is dependent on s.112 of the Police Act 1997 being enacted, which provides for "Criminal Conviction Certificate".[9]

Complexity
The UK Data Protection Act is a large Act that has a reputation for complexity.[11] While the basic principles are honoured for protecting privacy, interpreting the act is not always simple. Many companies, organisations and individuals seem very unsure of the aims, content and principles of the DPA. Some hide behind the Act and refuse to provide even very basic, publicly available material quoting the Act as a restriction.[12] The act also impacts on the way in which organisations conduct business in terms of who can be contacted for marketing purposes, not only by telephone and direct mail, but also electronically and has led to the development of permission based marketing strategies.

Posted: Apr 7th 2009 6:59PM Joystiq Login Bugs SUCK said

  • 2.5 hearts
Chmarr,

Data protection just ensures that a company will not release personal detail about a person to the public, and that the company try to ensure that the data remains secure.

The Lab already do that under USA data protection laws, what makes you think that the UK ones are any more restrictive?

This huge copy/pasta you put up without comment has no meaning at all.

Posted: Apr 7th 2009 4:27PM madeleen said

  • 2 hearts
I wonder if they are attempting some type of sharding?

Posted: Apr 7th 2009 7:19PM (Unverified) said

  • 2 hearts
look at it this way, LL need to go to the EU data protection act as well as the UK Data protection act, LL thinks they can do what they want but this WILL bite em in the ass due to the high legality of it in the UK

Posted: Apr 7th 2009 6:59PM Joystiq Login Bugs SUCK said

  • 2 hearts
Don't forget region crossing lag with the 80-100ms intercontinental delay added for each and every packet/acknowledgement that needs to move over.

You may have one region in Europe, the one east in CA and the one North in CO. The obvious problem is that moving in any direction would require a handoff of all state data over international pipes with this associated added time, the other is that just being a child agent (looking into another sim) requires all that data to be sent and refreshed, once more with international lag.

I think you will find the problems seen in OpenSim with geographically disparate computers will become obvious on a greater scale.

Hmmm, Imagine this though... What if, as part of providing the new AO continent they have decided to move all regions in that grouping from the morally fearful USA with all its puritanical laws into not London (which would require pretty serious data logging) but somewhere like Sweden.

With all of SL's currently degraded pr0n being moved to the new AO continent (Think Dulcett, Gor, Bestiality, Ero Guro, etc) hosting it in a state that had less strict laws and privacy provisions like Sweden would make quite a bit of sense.

Sigh, just a dream.

Posted: Apr 7th 2009 11:09PM (Unverified) said

  • 2 hearts
Indeed, Linden Lab are already subject to the Data Protection Act, because they have EU citizens as customers. It's just part of the cost of doing business in the EU - and doesn't suddenly affect them if they start having servers there. They're already expected to be compliant with it, just as they are expected to collect and pay VAT.

Posted: Apr 8th 2009 12:00PM (Unverified) said

  • 1 heart
the EU has its own DP laws but the UK has different ones from mainland EU, even though the UK is part of the EU they do not have the same laws as the EU which is why LL are going to find it hard, UK DP laws fall into different regions within the UK

scottish data protection is stricter than england, ireland and wales
english law has different DPA
wales has different DPA
ireland has different DPA

if LL are going to make a data collection server they need to make one in each of the places above, 1 in scotland, 1 in england 1 in wales and 1 in ireland, the UK has so many different law systems LL would find it near impossible to do it and the cost of it would cause them headaches.

i know what LL is doing and it is scary, there are only a few things they can ask from ppl and the number 1 thing they cannot ask for is for the person's social security number, if they ever ask for that anywhere in the UK then i think the government would have something to say as it is only the government agencies that can ask for that