Some debate that it ‘extends’ the powers of RIPA. UK government officials claim it is just to cover the loss of the EU data retention requirements temporarily until they think of some new that is more manageable. Read what Panopticon blog is saying and decide for yourself?
I am amazed at how little publicity there was on Daniel Eks, founder of Spotify that had his identity stolen. The identity fraudster purchased goods of nearly 1 million kronor in his name and has now been indicted to 2 years in prison. A small price to pay for 1 million kronor don’t you think?
The RTBF (Right to be forgotten) is a hot topic following the Spanish ruling against Google. The fact is that European Google must first evaluate and remove if considered reasonable search results that threaten the requester’s right to personal privacy. It is claimed to be a blow to Freedom of Speech. Google has already received 70,000 requests and receives on average 1000 requests each day! In U.K. claims are being made that it is in conflict with s.32 of the Data Protection Act 1998.
Christopher Graham the Information Commissioner gives a good explanation of what it really means, but unfortunately it is lost in the panicked crys of other participants in the debate.
It is very straight-forward: There is claimed to be a the conflict between the Freedom of Speech and Personal Privacy, i.e. in this case the RTBF. However there is not, it is as Graham states:
1) There are two types of parties here: a) the data controller, and b) the journalist;
2) The ruling pertains to the data controller the RTBF, not journalists, so in UK for example, this does not impact s.32 of the Data Protection Act;
3) Just that the search results are not returned by the search engine of the data controller, does not mean that the data does not exist. It is just that is is not searchable;
4) This information pertaining to an individual is still on the website of the newspapers, and should be searchable directly on the website.
So this cannot be likened to ‘burning of books’ or ‘re-writing history’ as in George Orwell’s 1984. It basically means that if, for example an individual defrauded the Inland Revenue 10 years ago:
– If you search for this person by name, it will not return this name in the result.
– However if you search for ‘Inland Revenue fraud’ it could return this person’s name in one of the related articles.
What I see is that the main challenge is from a technical perspective. At the moment the onus is on the data controllers to receive requests, to decide if the requester has a valid request for removal from their search engines. However, I believe that this should be done as default by websites of newspapers. This could be difficult because on a technical level it is only possible, that I am aware of today, to exclude whole webpages from Google, not names or specific words.
The rapid increase in identity fraud in Sweden is gaining some media attention (http://www.svd.se/opinion/brannpunkt/krafttag-kravs-mot-id-kapning_3767990.svd). However they are missing the point. The solution is not to purely simplify the ‘clean-up process, but to change the law. And changing the law is not purely about criminalizing the crime but to enforce an individual’s basic fundamental right to information privacy. You should have the right to remove your personal information from websites making money from it! For example I have tried removing my date of birth from www.birthdays.se (see previous posts) and request was refused. The problem I have with my date of birth being public is that:
1) it is my personal information, and;
2) it is the first 6 digits of my Swedish personal id (YYMMDD-xxxx).
The root of the problem is that although the Personal Data Law (PuL) is here to protect our personal information, in this context the PuL is impotent. The Swedish codification of the European Union Directive on Data Protection just does not work. The source of the problem is that the Personal Data Act (PuL) does not apply if its application is in contrary to the Fundamental Law on Freedom of Expression (1991).
So what this means is that the Fundamental Law on Freedom of Expression is being abused by companies making money from our identities. And I think that It is about time that this abuse is stopped!
Great discussion program on Sverigesradio P1 http://t.sr.se/1nn32KX running now (Plånboken). It discusses the breath of the problem, and how the Swedish police believe that there is no solution to protect us today.
Well quite a lot according to some sources. I found a Child Identity Theft Education Kit that you may find useful. I am looking around for more on this subject. I have not heard that there is so much of a problem here in the Nordics, but in the United States there seems to be quite significant, and is growing because a child’s identity is a ‘clean-slate’ and perfect target for identity fraud.
Well the identity-thief collects the ID information of an unsuspecting person, previous articles on this blog give a background on how easy it is to steal a Swedish resident’s personal ID.
One way is that the identity thief then goes on line, and orders a fraudulent ID card and/or a fake passport.
Hence since the personal number, a vital specific identification number used in Sweden to identify an individual is correct but the photo on the ID card or passport is that of the identity thief, the identity thief can go on a shopping spree! Easiest is to buy electronic goods on credit with a small down payment (avbetalning). The real identity owner gets to foot the rest of the bill. It’s easy to find your address online in hitta.se. A shop assistant would feel that the details are correct and process the transaction.
So if you thought identity theft was purely about fraudulent use of your credit card, for which normally the bank foots the bill… then you could have an unpleasant surprise in store…