Home > News
Mind my data Click to visit the homepage
The ICO is manipulating the process again
The basics
Plausible deniability
Employment agencies
Useful links
Open in a new window/tab
The Information Commissioner
Mailing Preference Service
Telephone Preference Service
Royal Mail junk mail opt-out
Register of data controllers
Analysis
My response to the ICO's tweet about policy
Are data controllers 'officially' lying to us?
Why do we need to accept a Privacy Policy?
Can I opt-out of a renewal quote under section 11 of the DPA?
Who's texting me about PPI?
Marketing corporate employees by e-mail

BBC's Click fails to warn viewers about potential risks to their data

Many of the websites reviewed by Click require the data subject to register with overseas data controllers and thus forgo their rights as UK data subjects.

In the WebscapeNew window feature of the BBC's Click programme the presenter reviews a number of websites which she thinks will appeal to Click viewers. What she fails to point out though is that many of these recommended websites require the individual to register with a non-UK data controller.

For many of the websites recommended by Webscape, registration will require the individual to expose their personal data to a data controller who is not bound by the DPA98. Although this may not seem such a big deal with well known overseas websites such as Twitter or Facebook, registering with a relatively unknown overseas website - which are often the kind of websites recommended by Webscape, may not be a wise move. Your biggest risk is that your personal data could be exposed to spammers because an overseas data controller is unlikely to be required to implement the same level of data security as a UK data controller. Another risk is that the data controller will bombard you with marketing and/or sell your data to third party companies as a means of earning revenue and there's very little that you can do to prevent this.

As an example, I visited a US-based website many years ago and added my e-mail address to an online petition to get the film "Where Eagles Dare" released on DVD. I still get spammed at that e-mail address today - last week to be exact. It was more than ten years ago and I'm still getting spammed because there's nothing that I can do to make the marketing stop. In contrast, I follow up on every single unwanted marketing that I receive from UK companies because I know that ultimately I can take them to court if they don't stop.

When you consider the potential risk to personal data, I don't think that it's unreasonable for the Click presenter to make the viewer aware of any website recommendations that require them to forgo their rights as a UK data subject; particularly when you bear in mind that Click's viewing audience will include children. Perhaps they could introduce a traffic light system as part of the reviews, something like this:

Green - for websites with UK-based data controllers.

Amber - where the data controller is non-UK based but they either subscribe to the European Safe Harbour rules or they have a privacy policy aimed at protecting the rights of data subjects - no selling to third parties, honouring unsubscribe requests etc.

Red - where the data controller is non-UK based and where no privacy policy exists or where their privacy policy gives the data controller carte blanche to do whatever they like with the data.

I think it would be prudent of the BBC to make their viewers aware of any data processing risks associated with signing up for the websites recommended by Webscape.

Last updated: 30.09.2012