Dayglo's mission to get his life back!

[Guest willowb]

Hey now DG left we can hog his thread!!!!!!!

LoL....like we didn't own it anyway!

 

 

Wxxxx

[shelter pie]

Hi DG Ive just caught up on this thread very inspiring.

 

Its a shame you are leaving as I could have done with somebody like you around to support me!!!

 

alll the best

[Guest screwloose]

I've noticed!!

[hannah8686]

One thing i have noticed is they all leave us in the end. first Surlybonds disapeared, now Dayglo.

thanks for all your help Dayglo dont blame you for giving up this thread for new year. you seemed to be on it constantly . good luck with your case etc

[pugsley]

you will be missed xxxxx

[SurlyBonds]

One thing i have noticed is they all leave us in the end. first Surlybonds disapeared, now Dayglo.

 

thanks for all your help Dayglo dont blame you for giving up this thread for new year. you seemed to be on it constantly . good luck with your case etc

 

 

"first Surlybonds disapeared"

 

No... not actually disappeared... just taking a few months out to TOTALLY focus on a number of legal arguments to put these a**hole banks/CRAs/etc. back under the rock where they belong.

 

However, a family situation did arise that required my attention for a while.

 

The progress in dealing with these legal cases is slow and labourious, but it is worth it... we've managed to win some very crucial arguments, both out and in the County Court, for several cases relating to CRA data processing. However, we are trying to get one of those elevated to a higher Court so that it can become a legal precedent.

 

Will be back when we have compiled a complete set of cases/templates/etc. and have some cast-iron processes in place.

[dayglo]

well there's a thing....

 

SurlyBonds returning! I wonder who else might pop back to say hello?

[Tinkerbelle]

*giggle* Hello!

[Guest willowb]

......and.........*dusts self off*........bloomin'eck!

 

Good to see both of you!

 

Wxxx

[dayglo]

I don't know if you intend to stick around much SB - but there is a question that I've come up agaisnt and I'd be interested in your views....

 

Your assertion that consent to process data ends when the contract ends yet under Schedule 2, para 6 - A data controller only has to show a legitimate interest etc....

 

So why the big fuss about consent?

[dayglo]

Hi DG Ive just caught up on this thread very inspiring.

 

Its a shame you are leaving as I could have done with somebody like you around to support me!!!

 

alll the best

 

with such nice things like that being said - I can hardly leave you without support can I?

[SurlyBonds]

I don't know if you intend to stick around much SB - but there is a question that I've come up agaisnt and I'd be interested in your views....

 

Your assertion that consent to process data ends when the contract ends yet under Schedule 2, para 6 - A data controller only has to show a legitimate interest etc....

 

So why the big fuss about consent?

 

You are aware that all along, I have only managed to get successes on 'settled' defaults (athough one 'unsettled' case did get cleared, I think due to them being too frightened to test it in Court).

 

I'm happy with an unsettled debt being a legitimate interest (albeit an alleged one), but not when it is made up of unlawful penalty charges. I want to see a total change in the law whereby CRAs cannot take instruction from a lender just on the say-so that the lender 'thinks' the borrower has defaulted - there should be conclusive proof and nothing regitered if there is a legitimate complaint being investigated or the subject of legal action.

 

OK, back to 'legitimate interest'. e.g.

1) A customer borrows £4,000 and after, say, a year, defaults.

 

2) The lender issues a default notice and registers this with the CRAs ... yes, it can be argued that (at thismoment in time) they now have a legitimate interest to process that data in the pursuit of the alleged debt.

 

3) The customer eventually repays all owed monies and the lender is now content that no debt remains.

 

4) The contract is, therefore, now fulfilled by both parties and has come to an end. All terms and conditions of that contract are now null and void, unless there is a clear indication in that contract that the terms and conditions extend to a particular date*.

 

5) Precisely what 'legitimate interest' does the lender now have in the personal data of the borrower?... other than putting it on their OWN internal systems not to lend to that borrower again. Note: Internal systems does not equate with CRA databases.

 

* Note: Since I kicked this up with Experian last year about the Orange issue, they have modified their suggested templates for lenders to change the wording to now go past the contract closure date...interesting.

 

By definition, 'legitimate interest' means "to be permitted by a) Statute, b) Case Law or c) with the permission of the Courts i.e. signed by a judge."

 

To a), we have already established that no Statute exists - the DPA includes the term 'legitmate interest' to point out that the Data Controller must prove this as a legitimate interest - the DPA does ot actually give this interest.

 

for b) no precedent exists anywhere, and is (anyway) actually a "lawful interest" not "legal/legitmate interest"

 

...BTW, Experian admitted in their letter to a) and b) being the case...

 

and c) do you know ANYONE whose CRA default has been authorised and signed as an Order of the Court????

 

Quad erat demonstrandum.

 

If you fancy a bit of light reading, go to Amazon and read the Tort law book by Tony Weir, and The Law of Contract (Fundamental Principles) by Smith - worth their weight in gold, (or bank refund cheques, which I believe are worth considerably more these days!)

[dayglo]

You are aware that all along, I have only managed to get successes on 'settled' defaults (athough one 'unsettled' case did get cleared, I think due to them being too frightened to test it in Court).

 

I'm happy with an unsettled debt being a legitimate interest (albeit an alleged one), but not when it is made up of unlawful penalty charges.

 

Yes - I agree with all that.

 

I want to see a total change in the law whereby CRAs cannot take instruction from a lender just on the say-so that the lender 'thinks' the borrower has defaulted - there should be conclusive proof and nothing regitered if there is a legitimate complaint being investigated or the subject of legal action.

 

ok - again, I agree with that too. You and I both know that currently a CRA merely has to show 'reasonable steps' and I can't quite put my hands on the document that spells it out but that's fair enough.

 

OK, back to 'legitimate interest'. e.g.

 

1) A customer borrows £4,000 and after, say, a year, defaults.

 

2) The lender issues a default notice (what sort of default notice - as this is where I think there is an issue. As far as I can tell a default notice is only defined in the Consumer Credit Act and it merely acts as a gateway to a) debt collection agencies and b) a sort of final warning to a consumer. A default flag from a subscriber to a CRA, especially where the CCA is not an issue (mobile phone companies) is completely seperate and independant of any 'default notice' and registers this with the CRAs ... yes, it can be argued that (at thismoment in time) they now have a legitimate interest to process that data in the pursuit of the alleged debt.

 

3) The customer eventually repays all owed monies and the lender is now content that no debt remains.

 

4) The contract is, therefore, now fulfilled by both parties and has come to an end. All terms and conditions of that contract are now null and void, unless there is a clear indication in that contract that the terms and conditions extend to a particular date*.

 

5) Precisely what 'legitimate interest' does the lender now have in the personal data of the borrower?... other than putting it on their OWN internal systems not to lend to that borrower again. Note: Internal systems does not equate with CRA databases.

 

well - in my case with vodafone, and supported by the Information Commissioners Office - they argue that it is in the interests of consumers as a whole and the credit industry as a whole to share this data and that 6 years is as reasonable time period as any other.

 

* Note: Since I kicked this up with Experian last year about the Orange issue, they have modified their suggested templates for lenders to change the wording to now go past the contract closure date...interesting.

 

By definition, 'legitimate interest' means "to be permitted by a) Statute, b) Case Law or c) with the permission of the Courts i.e. signed by a judge."

 

This is key - absolutley key - What is the source of this definition? I've researched this from a laymans point of view until I hit a wall and could not find anything to define legitimate interst. It appears to orginate from the Human Rights Act.... but hey...

 

To a), we have already established that no Statute exists - the Data Protection Act includes the term 'legitmate interest' to point out that the Data Controller must prove this as a legitimate interest - the Data Protection Act does ot actually give this interest.

 

for b) no precedent exists anywhere, and is (anyway) actually a "lawful interest" not "legal/legitmate interest"

 

...BTW, Experian admitted in their letter to a) and b) being the case...

 

and c) do you know ANYONE whose CRA default has been authorised and signed as an Order of the Court???? by definition, that would never happen - you know that!

 

Quad erat demonstrandum.

 

If you fancy a bit of light reading, go to Amazon and read the Tort law book by Tony Weir, and The Law of Contract (Fundamental Principles) by Smith - worth their weight in gold, (or bank refund cheques, which I believe are worth considerably more these days!)

 

but I come back to the point that consent is largely irrelevant expecialy when the CCA does not apply.

 

Section 10 - DPA is crystal clear.

 

step 1) issue the notice

step 2) wait 21 days to see what they reply with

step 3) if any of paras 1-4 are in place (remember para 1 is the consent one!) then a S.10 notice is invalid

Step 4) as described in S.10(4) - you go to court and ask a judge to decide.

 

If I was a data controller - I would always just claim (using para 6) my legit. interest outweighs the interest of the data subject or the damage and distress IS warranted.

 

Consent just doesn't arise.

 

(nice to see you back by the way!)

[Guest willowb]

If I was a data controller - I would always just claim (using para 6) my legit. interest outweighs the interest of the data subject or the damage and distress IS warranted.

 

Ok...getting confused:confused: lol if this is the def of legit interest then how can the CRAs argue that they have any?

 

By definition, 'legitimate interest' means "to be permitted by a) Statute, b) Case Law or c) with the permission of the Courts i.e. signed by a judge."

 

To a), we have already established that no Statute exists - the Data Protection Act includes the term 'legitmate interest' to point out that the Data Controller must prove this as a legitimate interest - the DPA does ot actually give this interest.

 

for b) no precedent exists anywhere, and is (anyway) actually a "lawful interest" not "legal/legitmate interest"

 

...BTW, Experian admitted in their letter to a) and b) being the case...

 

and c) do you know ANYONE whose CRA default has been authorised and signed as an Order of the Court????

 

Quad erat demonstrandum.

 

Wxxxx

[dayglo]

Ok...getting confused:confused: lol if this is the def of legit interest then how can the CRAs argue that they have any?

 

 

 

Wxxxx

 

I'm not sure that is the definition of 'legitimate interst' - if it is, it's not very well known by organisations that you would have expected to know!

 

many organisations that I have spoken to say only a judge can define legitimate interest and it's usually done on a case by case example.

 

If the definition was that clear - then I would have expected it to appear or to be the source of the advice given in the ICO's legal guidance document that sits alongside the DPA

[dayglo]

If you fancy a bit of light reading, go to Amazon and read the Tort law book by Tony Weir, and The Law of Contract (Fundamental Principles) by Smith - worth their weight in gold, (or bank refund cheques, which I believe are worth considerably more these days!)

 

smile. For reasons that would appear obvious to anyone that has waded their way through all 84 pages of this thread, I'd spent so much time on here towards the back end of the last year that I risked swapping one problem for another! My intention is to attend court on the 26th of March, present my case and see what happens after that.

[SurlyBonds]

but I come back to the point that consent is largely irrelevant expecialy when the CCA does not apply.

 

Section 10 - Data Protection Act is crystal clear.

 

step 1) issue the notice

step 2) wait 21 days to see what they reply with

step 3) if any of paras 1-4 are in place (remember para 1 is the consent one!) then a S.10 notice is invalid

Step 4) as described in S.10(4) - you go to court and ask a judge to decide.

 

If I was a data controller - I would always just claim (using para 6) my legit. interest outweighs the interest of the data subject or the damage and distress IS warranted.

 

Consent just doesn't arise.

 

(nice to see you back by the way!)

 

Source: OED Edition XI

legitimate - adj. conforming to the law or to rules, able to be defended with logic or justification

origin ME from med. L. legitimatus, legitimare 'to make legal'

 

'Public interest' in no way equates with default information being held for six years. The lender and the CRA may have absolutely no background information to the financial difficulty that precluded the default, and it is totally prejudicial to impose life-changing decisions on people purely on the basis of one event, that may never be repeated. It could have happened due to a whole host of reasons e.g., redundancy, divorce, bereavement, etc., and no organisation is allowed to be prejudicial based on historic data unless it is has an absolute over-riding public interest factor. A default for e.g., £90, or £900 for that matter, is NOT in the public interest.

 

This is not the days of Debtors Gaol where you were ostracised from polite society - or it shouldn't be, although the CRAs like to think so.

 

Even the Rehabilitation of Offenders Act only imposes a 5 year criminal record term (non-custodial), or 6 if a custodial punishment, for serious crimes that go against the criminal code. Effectively, the CRAs and lenders are imposing the same or more 'bad kitty records' on a money defaulter as a convicted criminal, for something that is a purely civil matter and nothing like a criminal case.

 

The ICO is totally wrong to pass judgement without any legal guidelines, and we are continuing to challenge them on this point. We are trying to force one case through to a higher Court to do just that - set a precedent, but the Courts seem unwilling to do anything except through County Courts. That's fine, it gets us the result, but not with a precedent that is badly needed. I fear that political interference has been involved as they realise that this could upset the CRA and financial industries bigtime.

 

As to your notes above, step 3 - consent ceased on cessation of the contract - that's a plain simple fact about contractual law. A contract is a set of agreements defining:

a) the parties' responsibilities in supply of goods or service

b) the timescales and management of that delivery

c) the remuneration (if any) due by each party

d) the timescale for that contract to run (assumed in law to be either a fixed term, or in perpetuity, unless cancelled by one party or another)

e) any responsibilities due by either party that extend past termination date, e.g. product guarantees, etc.

e) ALL contracts are subject to English Law.

 

If the contract has not explicitly stated that data will be processed for six years after the termination of the contract, then it is not a lawful exercise. Any term that was worded like this can also be challenged as unlawful anyway, as there is no reciprocal facility for the borrower.

 

Up until last summer, no contracts had any references to lenders being allowed to process data past the end of the contract. In the last 6 months, the templates have all been changed to include terms like:

"You grant us permission to continue holding data about you as to the conduct of your account for the purposes of customer marketing and in the event if account resurrection."

 

Even then, they cannot include clauses that allow them to process your data externally past the contract finish date. You can also write to them and inform them that you have no interest in using their services in the future and therefore you would like your data file destroyed.

 

Just another point of interest on this... when I changed my mobiles to T-Mobile last year, I crossed through the clauses relating to the DPA, and permission to process data, etc., other than the initial credit search. To date, T-Mobile have not entered anything on my credit records whatsoever, other than the initial search information. Whilst I have maintained the payment schedule, there is no entry for them on any file. When I asked them about this, they admitted that they couldn't because I had voided the relevant clauses and therefore they had referred it to the Controller dept., and decided not to send monthly payment updates to the CRAs.

 

Unfortunately, there are not enough people prepared to take these matters to the Courts, they are simply rolling over when the banks and CRAs tell them to bog off. It's just a case of picking through your specific contract and enforcing the terms one by one.

 

Judges look at these matters rationally, and with no vested interest, and they have to apply "proportionality" to the extent of the data processing. It is part of their remit to ensure that "a sense of proportion" is applied to the evidence, judgement and punishment/sentence/order.

 

I have yet to see any County Court judge rule that a settled default for e.g. £300 on a mobile phone is a matter for the public interest. However, I am happy to stand corrected if anyone knows of such a case and I would be interested to see how any case was presented.

[un1boy]

Welcome back Surly - I will catch up on the most recent posts later!

[un1boy]

hi in terms of processing being unlawful because they mention nothing about retaining data for 6 years, they then can't "hide" under 2(6)(1).

 

With the help of lookingforinfo, the ICO's guidelines on this are:

"Meeting a Schedule 2 and Schedule 3 condition will not, on its own, guarantee that processing is fair and lawful. The general requirement that data be processed fairly and lawfully must be satisfied in addition to eeting the conditions."

 

So, if the processing is unlawful then that overrides any other rights the data controller may have, which, I think is fair enough!

 

The problem is getting them to admit that the processing is unlawful without a fight!

[Number6]

Good to see you back SB!!

 

DG - I have your email but I'm running around like a headless chicken right now; I'l answer a.s.a.p.

 

Pete

[dayglo]

Source: OED Edition XI

legitimate - adj. conforming to the law or to rules, able to be defended with logic or justification

origin ME from med. L. legitimatus, legitimare 'to make legal'

 

 

Cheeky sod. I am quite capable of reading a dictionary! An OED definition of legitimate is one thing - a court’s interpretation of “legitimate Interest” is quite another.

 

'Public interest' in no way equates with default information being held for six years. The lender and the CRA may have absolutely no background information to the financial difficulty that precluded the default, and it is totally prejudicial to impose life-changing decisions on people purely on the basis of one event, that may never be repeated. It could have happened due to a whole host of reasons e.g., redundancy, divorce, bereavement, etc., and no organisation is allowed to be prejudicial based on historic data unless it is has an absolute over-riding public interest factor. A default for e.g., £90, or £900 for that matter, is NOT in the public interest.

 

Agreed – and that is covered in schedule 2 para 5. 5. The processing is necessary-

 

(a) for the administration of justice,

(b) for the exercise of any functions conferred on any person by or under any enactment,

© for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or

(d) for the exercise of any other functions of a public nature exercised in the public interest by any person.

 

Of course you will note that Para. 5 is not one of the Golden Paragraphs (1-4) that prevent the issuing of a notice under S.10(1).

 

However, Data Processing deemed to be in the public interest under Sched 2, Para 5(d) is not the same as processing under Para 6. The “one about legitimate” interests!

 

(1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

 

The Information Commissioners Office has this to say about ‘legitimate interests’

 

The Commissioner takes a wide view of the legitimate interests condition and recommends that two tests be applied to establish whether this condition may be appropriate in any particular case. The first is the establishment of the legitimacy of the interests pursued by the data controller or the third party to whom the data are to be disclosed and the second is whether the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject whose interests override those of the data controller. The fact that the processing of the personal data may prejudice a particular data subject does not necessarily render the whole processing operation prejudicial to all the data subjects.

 

Taken from http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/data_protection_act_legal_guidance.pdf and in my case in particular Vodafone have produced the letter from the Information Commissioners Office containing this below

It is our view that the condition for processing below (Schedule 2 part 6) covers the sharing of account data with the credit reference agencies for the duration of a contract and six years beyond.

 

"The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case because of prejudice to the rights and freedoms or legitimate interests of the data subject."

 

We take a wide view of the legitimate interests and we consider that it is in the interests of other creditors to make informed lending decisions. It is important to note here that the fact that the processing may be seen by some to prejudice a particular individual (for example, someone with an adverse entry on his credit reference file may not be able to obtain credit facilities) does not necessarily render the whole processing operation prejudicial to all individuals.

Now of course, you and I may disagree with this but I am considering the position of the judge. I expect him or her to take quite seriously the views of the official regulatory body that looks after the DPA. One the one hand he has me stating “cease processing my data because it causes me substantial damage and distress that I maintain is unwarranted and is prejudicial to my legitimate rights and freedoms. On the other hand, he has Vodafone claiming a) a legitimate interest to process my personal data so that they can make more informed lending decisions (a position supported by the current Govt if this document is anything to go by http://www.dti.gov.uk/files/file34513.pdf

 

 

In your sticky thread here http://www.consumeractiongroup.co.uk/forum/legalities/24013-defaults-proposed-method-removal.html#post187269 you say

 

e) Civil contract details cannot be stored unless you agree in writing. The Data Protection Act states clearly that your account information is personal data and only you have the right to determine who may collate, process and disclose it.

 

And I don’t think the second half of that sentence is true. It is not only the data subject that has the right to determine who processes personal data. The conditions required for legitimate processing of data are contained in Schedule 2 Paras 1 to 6. A data controller only has to satisfy 1 of these conditions to process personal data. Having a contract in place satisfies (in all likelihood) paras 1 & 2. As Paras 1 & 2 are 2 of the golden paragraphs it merely prevents you from ‘stopping’ the processing of data under S.10. So this is the only difference that the ‘consent’ issue makes.

 

Even the Rehabilitation of Offenders Act only imposes a 5 year criminal record term (non-custodial), or 6 if a custodial punishment, for serious crimes that go against the criminal code. Effectively, the CRAs and lenders are imposing the same or more 'bad kitty records' on a money defaulter as a convicted criminal, for something that is a purely civil matter and nothing like a criminal case.

 

 

Ok – but in the absence of a defined time period – if someone is going to challenge in a court that six years is unreasonable and in breach of the fifth principle (remember the Information Commissioners Office say quite clearly that their view is that 6 years IS reasonable) then I think that’s a hard argument for a lay person to present and win. CCJ – six years, Bankrupty – Six years, it’s not a massive leap for a judge to decide that 6 years for a Default is also ‘reasonable’. My position is not that I agree with this, just that I can see how the argument can be made.

 

The Information Commissioners Office is totally wrong to pass judgement without any legal guidelines, and we are continuing to challenge them on this point. We are trying to force one case through to a higher Court to do just that - set a precedent, but the Courts seem unwilling to do anything except through County Courts.

 

Good – Getting the Information Commissioners Office to change their mind is key to this. We may not respect their work in this area to date but they ARE a respectable and influential body in the eyes of the courts I would suspect. Also interesting in my particular case that my local county court didn’t believe they were the right place to hear my case at first – we’ll what happens in March.

 

That's fine, it gets us the result, but not with a precedent that is badly needed. I fear that political interference has been involved as they realise that this could upset the CRA and financial industries bigtime.

 

Again, the bottom line here is that the govt. WANT to give the CRAs MORE power and MORE influence because they are perceived to be a) good at it b) a key partner to reducing over-burdoned ‘debt’ of individuals. The recent findings from the OFT in their investigation into doorstop lending was to 'make sure this data is shared with CRAs to protect the public!!!!! BBC NEWS | Business | 'High price' of doorstep lending

 

 

As to your notes above, step 3 - consent ceased on cessation of the contract - that's a plain simple fact about contractual law. A contract is a set of agreements defining:

a) the parties' responsibilities in supply of goods or service

b) the timescales and management of that delivery

c) the remuneration (if any) due by each party

d) the timescale for that contract to run (assumed in law to be either a fixed term, or in perpetuity, unless cancelled by one party or another)

e) any responsibilities due by either party that extend past termination date, e.g. product guarantees, etc.

e) ALL contracts are subject to English Law.

 

 

I know what a contract is and I know what the implications are. I am an Engineering Contracts Manager! My point is that with the ending of the contract it doesn’t automatically follow that data processing should cease if any of the other conditions described in paragraphs 1-6 of schedule 2 are met.

 

Just another point of interest on this... when I changed my mobiles to T-Mobile last year, I crossed through the clauses relating to the Data Protection Act, and permission to process data, etc., other than the initial credit search. To date, T-Mobile have not entered anything on my credit records whatsoever, other than the initial search information. Whilst I have maintained the payment schedule, there is no entry for them on any file. When I asked them about this, they admitted that they couldn't because I had voided the relevant clauses and therefore they had referred it to the Controller dept., and decided not to send monthly payment updates to the CRAs.

 

Well done. I think that’s case of 1 – 0 to you based on your quick thinking and sloppy training of a T mobile rep. Nice idea to put in the old memory banks for next time though.

 

 

Judges look at these matters rationally, and with no vested interest, and they have to apply "proportionality" to the extent of the data processing. It is part of their remit to ensure that "a sense of proportion" is applied to the evidence, judgement and punishment/sentence/order.

 

You have more experience here, clearly, than most others - me included. But around CAG, with one or two exceptions, when arriving in court - the judge has appeared to have either already made up his mind or allows/disallows some line of attack/defence that was not expected. If I'm going to be successful in my claim - I have to try to understand what the argument of the defence is going to be. It doesn't mean i agree with it!

[alanfromderby]

well there's a thing....

 

SurlyBonds returning! I wonder who else might pop back to say hello?

 

 

Hello!

[ClintMccutcheon]

well there's a thing....

 

SurlyBonds returning! I wonder who else might pop back to say hello?

 

 

 

from previous reading, this seems to be a damn good thing.....

[dayglo]

hello too.

[dayglo]

good afternoon. Well maybe I was a bit hasty in the old 'no more posting etc.' - so I just thought some people might benefit from an update regarding the vodafone claim.

 

Imagine my anticipation when I received a small letter from V/f - It could only be the long awaited "...without liability etc... not commercially sensible to continue..... decided to remove default....." well, in keeping with much that is going on at the moment, no such luck. In fact it got worse, vodafone have apparantly misrepresented my claim to the Information Commissioners Office with the intention of presenting a letter from the Information Commissioners Office to the court which suggests many things that I have supposedly "failed to understand," or "is wrong to think" etc....

 

I was livid that such a sneaky strategy would be used to make me appear misinformed and a bit of a chancer.

 

So I have copied the letter to Vodafone from the Information Commissioners Office (note the New Year best wishes etc... how pally are this lot together?)

 

Dear Ms Chandler

 

I write in response to your letter of 22 December 2006 in which you requested further advice on the application of section 10. I trust the new year finds you and your colleagues well.

 

Unlike many aspects of the Data Protection Act 1998 (in particular section 10), I think this is a relatively straightforward issue. The complainants in this context are wrong to suggest that Vodafone Limited cannot refuse to comply with the notice to cease processing simply because paragraph 6 is not specified in section 10(2) as being a condition which, when relied on to process personal data, allows the data controller to disregard the notice automatically. They have failed to realise that a notice to cease under section 10 can also be refused on the grounds that the processing is not causing or is unlikely to cause unwarranted substantial damage or distress – the schedule 2 condition for processing is irrelevant in this regard.

 

Following on from that, you are correct that the basis for continued legitimate processing of personal data (here, schedule 2 paragraph 6) is an entirely separate issue from the question of damage or distress. In other words, while the complainants appear to think that the only reason to disregard a section 10 notice is where s10(2) applies to the processing, even in cases where it does not, you are entirely correct to consider whether section 10(1) (a) and (b) apply to the notice itself. If they do not, you would be correct in refusing to comply,

 

Yours sincerely

 

Senior Guidance and Promotion Manager.

 

You can imagine my rage at such nonsense. Rememer, I issued the S.10 notice correctly, the only response I got back within the 21 days were a rubbish letter from a customer services 'specialist' and another one from Amanda Chandler in which she failed to challenge either damages/distress unwarranted etc or that sched. 2 para 6 was valid.

 

So here was my letter in response.

 

Thank you very much for the copy of the letter from the Information Commissioner’s Office to your Ms Chandler regarding further advice on Section 10 of the Data Protection Act.

 

This letter refers to a previous letter apparently from Ms Chandler to the Information Commissioners Office. As I have not seen this letter I can only speculate as to it’s contents.

 

I am offended by the apparent suggestions that I am:

 

1. “wrong to suggest that Vodafone Limited cannot refuse to comply with the notice to cease processing simply because paragraph 6 is not specified in section 10(2) as being a condition which, when relied on to process personal data, allows the data controller to disregard the notice automatically”

 

and that I have:

 

2. “failed to realise that a notice to cease under section 10 can also be refused on the grounds that the processing is not causing or is unlikely to cause unwarranted substantial damage or distress – the schedule 2 condition for processing is irrelevant in this regard.”

 

And that I:

 

3. “appear to think that the only reason to disregard a section 10 notice is where s10(2) applies to the processing, even in cases where it does not, you are entirely correct to consider whether section 10(1) (a) and (b) apply to the notice itself. If they do not, you would be correct in refusing to comply,”

 

I shall take each point separately.

 

Your assertion in paragraph 1 above that I have suggested that you cannot ignore my s10(1) notice purely because paragraph 6 isn’t specified in s10(2) is wholly wrong. I have not suggested that you cannot ignore it, merely that you didn’t specify this as your reason for not complying with my properly formatted and addressed notice within the statutory time frame of 21 days. May I remind you that your actual response to my notice was your letter from Maureen P King dated 23 August 2006 in which you claimed the reasons for not complying with my notice were:

 

“The contract you signed, when you connected to the Vodafone network, was and is covered by the consumer credit act 1974”

 

and

 

“Under the regulations of the Parliamentary legislation, any default registered has to remain on file for six years”

 

You had the opportunity at this point to refuse to comply with my notice by relying on the conditions described in Schedule 2 paragraph 6 or that the conditions in S10(1)(a) or (b) applied. You did not do this.

 

You also did not do this in the follow up letter from Amanda Chandler dated 31 August 2006. At no point within the statutory 21-day period did you claim the processing of my personal data should continue on the basis that the conditions described in Schedule 2 paragraph 6 were met.

 

The second point raised above concerning whether or not substantial unwarranted damage or distress took occurred is interesting. I stated quite clearly my position on this matter in my S10(1) notice. I informed you that I considered that substantial damage or distress had occurred and that this was unwarranted. The information Commissioner’s Office are quite correct to state that you could have challenged my notice by arguing that substantial damage or distress had either not occurred or that it had occurred but that it WAS warranted. You did not do this either within your 21-day statutory period or in any subsequent correspondence. So I am sure you will understand my offence at the suggestion that I “failed to realise that a notice to cease under section 10 can also be refused on the grounds that the processing is not causing or is unlikely to cause unwarranted substantial damage or distress” . I completely understand on what grounds a Data Controller can or cannot refuse a notice issued under s10(1) instead may I suggest that in this particular case, Vodafone did not respond in a manner that would suggest complete understanding of Section 10 of the Data Protection Act based on the letter from Maureen P King dated 23 August 2006.

 

The final point regarding whether or not 10(1)(a) and (b) apply to the notice has largely been dealt with above. The information Commissioner’s office are quite correct to state that had (a) and (b) not applied then you would be correct in refusing to comply with my notice. However, in this case, (a) and (b) do apply, and you did not challenge this application within the 21 day period so you are not correct in refusing to comply on this basis.

 

In summary I believe you have deliberately misrepresented my claim against you to the Information Commissioner’s Office in order that you may present this letter to the court which gives a distinct and yet false impression that there are gaps in my knowledge and application of section 10 of the Data Protection Act in this case.

 

It looks like we're going all the way with this one. but how sneaky are Vodafone to subtley re-word my claim to get such a response from the Information Commissioners Office?