Possibilities to enforce data privacy in the UK?
Thread poster: Erik Freitag

Erik Freitag  Identity Verified
Germany
Local time: 13:27
Member (2006)
Dutch to German
+ ...
Sep 26, 2011

Dear colleagues,

Years ago, I registered with a UK based translation agency. Since I consider this a mistake and don't want to work for them, nor receive mails etc., I requested to delete my account. Surprisingly, this request was denied. They said they can disable my account, but not delete it.

I find this very irritating. Does anybody know where I can register a complaint and/or enforce my right to data privacy?

Many thanks in advance,
kind regards,
Erik



[Bearbeitet am 2011-09-26 10:30 GMT]


Direct link Reply with quote
 

Tom in London
United Kingdom
Local time: 12:27
Member (2008)
Italian to English
Me too Sep 26, 2011

I had the same problem with a UK agency (but I don't know if it was the same one). I asked them to delete my account and my personal details, and to confirm this back to me; but they never did.

So freitag's question is a pertinent one for me too.


Direct link Reply with quote
 

Ty Kendall  Identity Verified
United Kingdom
Local time: 12:27
Hebrew to English
Data Protection Act 1998 Sep 26, 2011

I think this Act is the most likely avenue to argue on.

It stipulates that an individual has:
•a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed

However you would need to demonstrate that the data they hold on you is in some way INACCURATE. But you said it was "YEARS AGO" , therefore you might be able to argue that it is inaccurate on the basis of being out of date.

But I'm no legal expert. So couldn't possibly comment on the effectiveness of such a strategy, there may be simpler, alternative routes.

http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_6.aspx


Direct link Reply with quote
 

Samuel Murray  Identity Verified
Netherlands
Local time: 13:27
Member (2006)
English to Afrikaans
+ ...
They may keep the info, AFAIK Sep 26, 2011

efreitag wrote:
Years ago, I registered with a UK based translation agency. I requested to delete my account. Surprisingly, this request was denied. They said they can disable my account, but not delete it.


According to this page:
http://www.ico.gov.uk/for_organisations/data_protection/the_guide/information_standards/principle_5.aspx
...the party holding the information may decide themselves for how long they keep your information, and what information about you they want to keep, and (if I infer correctly) the onus is on you to prove (to a court or tribunal) that their reasons for keeping the information do not fly.

From that page:

If personal data has been recorded because of a relationship between you (the holder of the information) and the individual (the person whose information is held), you should consider whether you need to keep the information once the relationship ends.

Example: The individual may be a customer who no longer does business with you. When the relationship ends, you must decide what personal data to retain and what to delete.

You may not need to delete all personal data when the relationship ends. You may need to keep some information so that you can confirm that the relationship existed – and that it has ended – as well as some of its details.


Direct link Reply with quote
 

Aisha Maniar  Identity Verified
Local time: 12:27
Member (2003)
Arabic to English
+ ...
Really? Sep 26, 2011

Is data protection the reason they gave for not removing your details? Whether or not you were given a copy when you signed up for the agency, in error or otherwise, they must have some terms and conditions on how they run their business, including how they handle personal data under the Data Protection Act (DPA). This is probably where you would want to look first. You need to ask this agency why they can't remove this information under any agreement you've made with them - assuming you have - or otherwise under any relevant legislation.

In addition to what Ty has said, under the DPA, data should not be kept for longer than is necessary.

Good luck! Aisha


Direct link Reply with quote
 

Erik Freitag  Identity Verified
Germany
Local time: 13:27
Member (2006)
Dutch to German
+ ...
TOPIC STARTER
Reasons Sep 26, 2011

Thanks for all your input so far!

Samuel, thanks for that information. That's interesting indeed.

The reason they give for not being able to delete my account is simply this: "our site developer is working on a way to delete translators completely but because of the way the system was made, at the present time we cannot delete translators completely", which is a bit difficult to believe if I'm any judge.


Direct link Reply with quote
 

Neil Coffey  Identity Verified
United Kingdom
Local time: 12:27
French to English
+ ...
Data is practically never deleted... Sep 26, 2011

efreitag wrote:
Years ago, I registered with a UK based translation agency. Since I consider this a mistake and don't want to work for them, nor receive mails etc., I requested to delete my account. Surprisingly, this request was denied. They said they can disable my account, but not delete it.


Unfortunately, I think the law isn't terribly clear-cut on this. The Data Protection Act states that they should keep the data for as long as they deem it necessary. The law also appears to say that data should not be kept for longer than necessary, and any no longer necessary information should be deleted from archives/backups.

Now, can you imagine actually implementing this in practice? Your company has a plethora of backups on various media/servers, and suddenly some random person decides that a particular record should be permanently deleted from all of those backups. Can you imagine how much of a nightmare this would be?

Couple that with the fact that it's pretty much standard database practice to never actually delete any records, but rather simply flag them as "deleted", "archived" but keep them physically in the database. Indeed, some database systems actually do this under the hood when you "delete" data. And in addition, filing systems may well keep "deleted" information all over the disk without you really having any control over this.

So from a practical point of view, the company's position that they can "disable" but not physically delete your information is actually not unreasonable. If you think it's worth it, you could probably get into a fascinating, lengthy and costly legal battle with them over it, in which their representative would invent spurious reasons for the necessity of retaining the information, and your representative would invent arguments to counter those reasons.

You have a right to request what information they hold about you, and if the information is actually INACCURATE, have them change it.

Other than that, how long or short do you think life is and how much energy are you really prepared to spend on this...?


Direct link Reply with quote
 

Tom in London
United Kingdom
Local time: 12:27
Member (2008)
Italian to English
My concern Sep 26, 2011

My concern is about the security of their website and the possibility that it might be hacked. They have my credit card details, name and address on there.

Direct link Reply with quote
 
Richard Foulkes  Identity Verified
United Kingdom
Local time: 12:27
German to English
+ ...
Why not complain to the Information Comissioner? Sep 26, 2011

Perhaps a mention of a complaint to the above would suffice to urge the agency to confirm removal of any unnecessary personal / banking details?

I think the ICO may also deal with unwanted e-mail, so you could kill two birds with one stone. I've heard of companies being barred from ISPs for sending unsolicited e-mails, which may be something the agency would like to avoid.


Direct link Reply with quote
 

Neil Coffey  Identity Verified
United Kingdom
Local time: 12:27
French to English
+ ...
Credit card details... Sep 26, 2011

Tom in London wrote:
My concern is about the security of their website and the possibility that it might be hacked. They have my credit card details, name and address on there.


Tom -- if you're *seriously* concerned because you have some inside information, then inform your credit card company and change your credit card.

If it's just a more vague concern, then unfortunately bear in mind that you credit card details will already be on all sorts of databases, any of which could be hacked at any moment: why privilege this particular one in your worries? That's why if somebody makes a fraudulent transaction on your card, the bank pays you the money back (even if that's eventually, after filling in irritating forms and having infuriating incomprehensible conversations with an Indian call centre).


Direct link Reply with quote
 


There is no moderator assigned specifically to this forum.
To report site rules violations or get help, please contact site staff »


Possibilities to enforce data privacy in the UK?

Advanced search






BaccS – Business Accounting Software
Modern desktop project management for freelance translators

BaccS makes it easy for translators to manage their projects, schedule tasks, create invoices, and view highly customizable reports. User-friendly, ProZ.com integration, community-driven development – a few reasons BaccS is trusted by translators!

More info »
SDL MultiTerm 2017
Guarantee a unified, consistent and high-quality translation with terminology software by the industry leaders.

SDL MultiTerm 2017 allows translators to create one central location to store and manage multilingual terminology, and with SDL MultiTerm Extract 2017 you can automatically create term lists from your existing documentation to save time.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search