Putting personal data on the internet and profiling ('digging' for WDTK requester's personal information)
Dear Land Registry,
Background to this request:
1. The LR informed me that it was not subject to FOIA.
For the avoidance of doubt, this is information about the Freedom of Information Act.
https://ico.org.uk/for-organisations/gui...
Outcome:
The LR accepted that it was subject to FOIA and apologised.
:::
2. The Land Registry than put my personal information four times on the WDTK site on the internet.
NB WDTK removed my personal information.
Outcome: The Land Registry apologised - twice
Please therefore read this explanation before disclosing my personal information again on the internet:
Personal data means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
For the avoidance of doubt this is information about the Data Protection Act
https://ico.org.uk/for-organisations/gui...
::::
3. The Land Registry failed in its duty to apply Section 16 help and assistance to my request. And continued to try and link a request to my personal circumstances ( Nb Wrongly - by ascribing my request to my present personal address from reading my SAR).
Section 16 in practice
13. A public authority’s duty to provide advice and assistance is extensive and will apply to both prospective and actual applicants for information.
14. The purpose of section 16 is to ensure that a public authority communicates with an applicant to find out what information they want and how they can obtain it.
15. It is not a way for a public authority to establish a motive for the request. A public authority should be prepared to explain why it is asking for more information to avoid giving the impression that it is enquiring into the reasons behind the request. Paragraph nine of the code stresses the importance of this:
‘Authorities should be aware that the aim of providing assistance is to clarify the nature of the information sought, not to determine the aims or motivation of the applicant. Care should be taken not to give the applicant the impression that he or she is obliged to disclose the nature of his or her interest or that he or she will be treated differently if he or she does’.
https://ico.org.uk/media/1624140/duty-to...
As the Land Registry had already attempted to answer the request by putting my personal information onto the Internet, it had clearly failed NOT to link this request to my personal circumstance.
https://www.whatdotheyknow.com/request/l...
::::
The request:
1. From my Subject Access Request I read that the Land Registry has been profiling me - even though my Twitter name is not the same as jtoakley.
In addition, the data opinion is wrong, as I have not raised a 'personal case' with the Land Registry on Twitter.
:::
This is the profiling from my SAR , and you will note that it has been distributed to several Land Registry employees.....
Dear all
I thought it may be useful to keep you informed about a customer posting negative comments about us on Twitter.
Her Twitter handle is xxxxx.
( NB which is not the same as jtoakley)
Having done some digging based on some of her posts, I am fairly certain this is 'jtoakley'. I believe she is one of the customers who has been given a final response by Land Registry.
I responded to her initial post to explain that we do not discuss individual matters or concerns on social media, and that she should contact us through the normal channels if she wished to raise any issue. Since then I have ignored her further posts on Twitter.
I have attached a word document with her recent posts about Land Registry for your reference.
:::
The Land Registry will be aware of the FOIAct means that the request is considered to be 'requester blind'.
'This principle was endorsed by the Information Tribunal in S v Information Commissioner and the General Register Office (EA2006/0030, 9 May 2007) when it stated;
‘We wish to emphasise at this point that the Freedom of Information Act is applicant and motive blind. A disclosure under FOIA, is a disclosure to the public [ie the world at large].
In dealing with a Freedom of Information request there is no provision for the public authority to look at from whom the application has come, the merits of the application or the purpose for which it is to be used.’ (Para 80) '
https://ico.org.uk/media/1043418/conside...
A .Why is the Land Registry collecting personal internet data on members of the public that make WDTK requests by 'digging' as stated?
You will note that the employee linked my name to a suspected 'handle'. How far does this digging go?
The internet, or beyond?
Does the Land Registry regularly 'dig' for other similar names or handles that appear in the internet? Which might, or might not be - WDTK requesters?
And what is its purpose for spending public money and employee time to do so?
And if the Land Registry is profiling WDTK requesters, or, indeed requesters who make any other form of FOIA requests, does it inform requesters that their data is being collected from the internet, or other sources?
And does it give requesters the chance to correct any incorrect assumptions made by Land Registry employees when collecting data, which is then held as data on Land Registry records?
Please therefore provide the LR policy on profiling requesters ( the data which applies to the 'digging' stated) .
B. Who does this collected information on potential WDTK requesters go to? And for what purpose? Please provide the work instructions to Land Registry employees for researching the internet and any other sources to undergo this work.
C. I am informed that the Land Registry has a consistent pattern of releasing personal information - in response to WDTK requests:
Because one apology to me wasn't enough to stop yet more personal information being released onto WDTK, what steps has the Land Registry taken to ensure that personal data of WDTK requesters is not released into its site in the future?
Since my personal data was released four times, I would like the internal correspondence showing that the Land Registry recognised its initial mistake and the duplicated mistake with the employee/s concerned.
Please therefore provide Land Registry general data held on responding to WDTK requests - without releasing personal data onto the Internet.
Plus specific data showing that the Land Registry has attempted to correct the actions of employee/s who have released personal data on any public platform. Any data held which instructs employee/s not to repeat the action of disclosing personal data on the internet .....and explaining why they were wrong to do so.
NB (To comply with DPA, the personal data of the Land Registry employee/s concerned in placing personal data on any public platform to be redacted).
:::
Criteria and scope of request:
Request Title/summary within scope.
I am writing to make an open government request for all the
information to which I am entitled under the Freedom of Information
Act 2000.
Please send me recorded information, which includes information
held on computers, in emails and in printed or handwritten
documents as well as images, video and audio recordings.
If this request is too wide or unclear, and you require a
clarification, I would be grateful if you could contact me as I
understand that under the Act, you are required to advise and
assist requesters.(Section 16 / Regulation 9).
If my request is denied in whole or in part, I ask that you justify
all deletions by reference to specific exemptions of the act. I
will also expect you to release all non-exempt material. I reserve
the right to appeal your decision to withhold any information or to
charge excessive fees.
If any of this information is already in the public domain, please
can you direct me to it, with page references and URLs if
necessary.
Please confirm or deny whether the requested information is held ( section (Section 1(1)(a) and consider whether information should be provided under section 1(1)(b), or whether it is subject to an exemption in Part II of the Act.
If the release of any of this information is prohibited on the
grounds of breach of confidence, I ask that you supply me with
copies of the confidentiality agreement and remind you that
information should not be treated as confidential if such an
agreement has not been signed.
I would like the above information to be provided to me as
electronic copies, via WDTK. The information should be immediately
readable - and, as a freedom of Information request, not put in a PDF or any closed form, which some readers may not be able to access.
I understand that you are required to respond to my request within
the 20 working days after you receive this letter. I would be
grateful if you could confirm in writing that you have received
this request.
::::::::
Please consider the ICO's Decision on the provision original documents on file, rather than newly written letters of response.
https://ico.org.uk/media/action-weve-tak...
This request does not require a letter, drafted by the External Affairs department, or any other written input by reputational defence employees, and purporting to be the response to a FOIA request.
Yours faithfully,
[Name Removed]
Dear [Name Removed]
Thank you for your email of 25 October 2016 requesting information about
putting personal data on the internet and profiling.
Your request is being dealt with under the terms of the Freedom of
Information Act 2000 and will be answered within twenty working days.
In some circumstances a fee may be payable and if that is the case, I will
let you know. A fees notice will be issued to you, and you will be
required to pay before we will proceed to deal with your request.
If you have any queries about this letter, please do not hesitate to
contact me. Please remember to quote the reference number in any future
communications.
Yours sincerely
Roger Petty
Corporate Information Officer
Head Office, 1 Bedford Park, Croydon CR0 2AQ
DD: 0300 006 7054 | GTN: 67054
Email [1][Land Registry request email]
[2]GOV.UK | [3]@LandRegGov | [4]LinkedIn | [5]Facebook
Your land and property rights: guaranteed and protected. Since 1862 Land Registry has given assurance and confidence to the property market in England and Wales. Find out more at www.gov.uk/land-registry.
If you have received this email and it was not intended for you, please let us know, and then delete it. Please treat our communications in confidence, as you would expect us to treat yours. Land Registry checks all mail and attachments for known viruses, however, you are advised that you open any attachments at your own risk.
References
Visible links
1. mailto:[Land Registry request email]
2. https://www.gov.uk/government/organisati...
3. https://twitter.com/LandRegGov
4. http://www.linkedin.com/company/land-reg...
5. http://www.facebook.com/pages/Land-Regis...
Dear [Name Removed]
Thank you for your email dated 25 October which contains a mixture of
questions and requests for information under the Freedom of Information
Act 2000 (FOIA).
FOIA does not require us to provide explanations or justify our practices
and procedures.
However to address the questions in your email:
Land Registry does not profile its customers on Twitter. If key terms are
uses on a Twitter post, for example “Land Registry” we will be alerted to
this.
You made a SAR and we provided information that we held and this included
the internal email relating to your posting on Twitter. There is nothing
untoward in this. It is you who is posting on Twitter and making
references to Land Registry.
FOIA requests relate to identifiable requests for information only. Your
actual FOIA request therefore only appears to be the following as
extracted from your email:
Please therefore provide the LR policy on profiling requesters ( the data
which applies to the 'digging' stated) .
Our response:
We do not hold this information. We do not profile requestors.
Information on our social media policy can be found on our website at
GOV.UK using the following link:
[1]https://www.gov.uk/government/organisati....
Please provide the work instructions to Land Registry employees for
researching the internet and any other sources to undergo this work.
Our response:
Please see the above link to social media use and also the Code of
Practice at the following link.
[2]https://www.gov.uk/government/publicatio....
Since my personal data was released four times, I would like the internal
correspondence showing that the Land Registry recognised its initial
mistake and the duplicated mistake with the employee/s concerned.
Our response:
Please see attached, redacted, correspondence.
Please also see information already supplied with your SAR.
Please therefore provide Land Registry general data held on responding to
WDTK requests - without releasing personal data onto the Internet.
Our response:
Please see attached internal staff guidance on WDTK requests.
Plus specific data showing that the Land Registry has attempted to correct
the actions of employee/s who have released personal data on any public
platform. Any data held which instructs employee/s not to repeat the
action of disclosing personal data on the internet .and explaining why
they were wrong to do so.
Our response:
Please see redacted correspondence referred to above.
If you are dissatisfied with this response to your FOIA request, you may
seek an internal review within two months of the date of our reply.
Internal reviews will be dealt within 20 working days. If at the end of
this time we are unable to respond, we will write to you explaining the
reasons and giving you a new date. If you seek an internal review please
write to:
Louise Booth
Head of Corporate Legal Services (Core Services) Head office Trafalgar
House
1 Bedford Park
Croydon
CR0 2AQ
Email: [3][email address]
If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner (ICO) within
two months of the reply for a decision. Generally, the ICO cannot make a
decision unless you have exhausted the complaints procedure provided by
Land Registry. The Information Commissioner can be contacted at: The
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF.
Yours sincerely
Andrea Barr
Corporate Legal and Assurance Services
Your land and property rights: guaranteed and protected. Since 1862 Land Registry has given assurance and confidence to the property market in England and Wales. Find out more at www.gov.uk/land-registry.
If you have received this email and it was not intended for you, please let us know, and then delete it. Please treat our communications in confidence, as you would expect us to treat yours. Land Registry checks all mail and attachments for known viruses, however, you are advised that you open any attachments at your own risk.
References
Visible links
1. https://www.gov.uk/government/organisati...
2. https://www.gov.uk/government/publicatio...
3. mailto:[email address]
Dear Land Registry,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Land Registry's handling of my FOI request 'Putting personal data on the internet and profiling ('digging' for WDTK requester's personal information)'.
Thank you for your response but this request is on the LR social media procedures.
Or 'digging for information', as the Land Registry terms it in-house.
Therefore snce the LR openly flouted the DPA four times, I wrote the background to the request to ensure the Land Registry understands that it must not put personal information in its response to this FOIA request on WDTK.
......Mainly to prevent it doing so for a fifth time.
::::::
Review
Dear [Name Removed]
Thank you for your email dated 25 October which contains a mixture of questions and requests for information under the Freedom of Information
Act 2000 (FOIA).
FOIA does not require us to provide explanations or justify our practices and procedures.
Response - Quite so. But thank you I already am aware of this.
Please re-read the request. This an FOIA request for practices and procedures - which are already on LR file.
ICO guidance on requests:
https://ico.org.uk/media/for-organisatio...
It is a WDTK request is clearly marked as such and is not a 'letter' asking for justification, or 'explanation'.
:::::
LR - However to address the questions in your email:
:::
My Response:
Please note:
My request is for de-personalised DATA on file at the time of the request.
That is what an FOIA request is.
Help and assistance:
An accurate and easy way to identify a question is that they have question marks (?) at the end of them.
::::
Land Registry does not profile its customers on Twitter. If key terms are uses on a Twitter post, for example “Land Registry” we will be alerted to this.
My Response :
Thank you - but that is an 'explanation', not file data.
And you have already stated above that you do not give explanations in response to FOIA requests..
::::
You made a SAR and we provided information that we held and this included the internal email relating to your posting on Twitter. There is nothing untoward in this. It is you who is posting on Twitter and making references to Land Registry.
My Response:
You state:
'Your posting?'
'It is you who is posting on Twitter and making references to Land Registry'.
---
Once again, the LR is personalising this request with an accusation that I have made Twitter post/s .
Help and assistance :
My name is jtoakley.
My name was NOT on the Tweets logged in my SAR.
However, since you have confidently made the accusation, I await the Twitter-provided IP address linked to me, as the Twitter poster - as proof of your accusations.
Help and assistance :
As you will know, even then an IP address is not a guarantee of the identity of the poster.
:::
The reason for the request:
Therefore I requested your policy on profiling, since the LR must have some guidance on 'guessing' who posters are on the internet.
Then adding social media posts - not attributed to them by name - and so technically anonymous, on the personal files of anyone corresponding with the Land Registry.
In addition, when a name is present on social media, a J Smith might be confused with any other JSmith.
It is legitimate to request to know how Land Registry procedures and processes averted inaccuracy.
Help and assistance :
That is the difference between profiling - and collecting accurate, attributable data.
::::
And therefore this request was on that basis....
'Please therefore provide the LR policy on profiling requesters ( the data which applies to the 'digging' stated)' .
My Response :
This clearly is not a question. ( NB no question mark).
It is a FOIA request for the LR policy on collecting information anonymous, or otherwise ( and personal data) from the internet - and subsequent attributing it to Land Registry correspondents.
1. Without advising the public that information is being collected about them.
2. And without giving them the chance to refute any guesswork LR in- house accusations left on file.
::::
FOIA requests relate to identifiable requests for information only. Your
actual FOIA request therefore only appears to be the following as
extracted from your email:
My Response - 'appears' ? 'Actual?'
This is clearly stated to be the WDTK request - helpfully using the Land Registry's own terminology - which is ' digging' for information.
The Request
Please therefore provide the LR policy on profiling requesters ( the data which applies to the 'digging' stated) .
My response- I cannot see that it has any other 'appearance' than the obvious one.
Help and assistance :
You may like to note that an FOIA does not have to make a single sentence request. The requester may attempt to clarify it - to assist the production of an accurate response from the responder.
In this case the added information was to stop the Land Registry from adding my personal data to the WDTK response - for the fifth time.
::::
Our response:
We do not hold this information. We do not profile requestors.
My Response:
Help and assistance :
Please read the above on the difference between profiling and collecting attributable information.
:::
Information on our social media policy can be found on our website at
GOV.UK using the following link:
[1]https://www.gov.uk/government/organisati....
Please provide the work instructions to Land Registry employees for
researching the internet and any other sources to undergo this work.
Our response:
Please see the above link to social media use and also the Code of
Practice at the following link.
[2]https://www.gov.uk/government/publicatio....
My Response:
Thank you for the links.
However it 'appears' that the information does not cover attributing unnamed profiled data to Land Registry files by 'digging'.
:::
Request:
Since my personal data was released four times, I would like the internal correspondence showing that the Land Registry recognised its initial mistake and the duplicated mistake with the employee/s concerned.
Our response:
Please see attached, redacted, correspondence.
My Response: It appears to be missing. Please provide.
::
Please also see information already supplied with your SAR.
My Response:
Thank you for your advice. But as stated, I have already read it.
::::::
Please therefore provide Land Registry general data held on responding to WDTK requests - without releasing personal data onto the Internet.
Our response:
Please see attached internal staff guidance on WDTK requests.
Plus specific data showing that the Land Registry has attempted to correct the actions of employee/s who have released personal data on any public platform. Any data held which instructs employee/s not to repeat the action of disclosing personal data on the internet .and explaining why they were wrong to do so.
Our response:
Please see redacted correspondence referred to above.
My Response:
Thank you but it doesn't seem to be attached.
Please provide.
::::
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/p...
Yours faithfully,
[Name Removed]
Dear Petty, Roger,
Please note the terms which you can hold personal data.
Clearly your review will provide the LR's instructions to employees ( held as data) on in collecting and processing personal data on members of the public which, (as LR terms it ) has been stated as 'dug up' from the internet.
::::
To help and assist the LR's review of this request:-
This is the ICO's advice:
In brief – what does the Data Protection Act say about handling personal data fairly and lawfully?
The Data Protection Act says that:
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
This is the first data protection principle. In practice, it means that you must:
have legitimate grounds for collecting and using the personal data
::::
* NB the LR is stating that it is collecting unattributable Tweets from the internet( digging' is 'collecting data' and therefore it has the right to add this personal data to personal records.
The LR will have data on file explaining its 'legitimate aims' to staff on internet 'digging'.
Therefore this instructive Data will form part of the Land Registry response to this request.
::::
ICO advice continued-
not use the data in ways that have unjustified adverse effects on the individuals concerned;
be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
::::
* NB The Land Registry response should contain the procedure for informing members if the public that the Land Registry is collecting their data from the internet.
handle people’s personal data only in ways they would reasonably expect;
::::
*Nb I would not reasonably expect the Land Registry to be collecting unattributable data from the internet and adding it to my file.
Since the Land Registry has been specific in the response above and stated it has collected my personal data, what is the reason that it would try to collect my personal data since ....the ICO states that :
::::
ICO advice continued-
make sure you do not do anything unlawful with the data.
::::
* NB since it us illegal to collect data without informing a member of the public that the LR is 'digging' (Land Registry !s term) for information about them, recording it secretly and not allowing that member of the public to correct it. It is just justifiable to ask for the data which advises Land Registry emplyees of the steps that they must take to comply with the Act.
:::
ICO advice continued-
In more detail…
What are the “conditions for processing”?
What does fair processing mean?
Is it possible to use or disclose personal data for a new purpose?
Is it ever acceptable to disclose personal data to other organisations for them to use for their own purposes?
What about disclosures that are in the best interests of the individual concerned?
What about “privacy notices”?
What is meant by “lawful”?
What are the “conditions for processing”?
The conditions set out in Schedules 2 and 3 to the Data Protection Act are known as the “conditions for processing”. Organisations processing personal data need to be able to satisfy one or more of these conditions. This will not, on its own, guarantee that the processing is fair and lawful – fairness and lawfulness must still be looked at separately.
The conditions for processing are more exacting when sensitive personal data is involved, such as information about an individual’s health or criminal record.
For further information, please read about the section of this guide on the conditions for processing, which contains an explanation of what they mean in practice.
What does fair processing mean?
Processing personal data must above all else be fair, as well as satisfying the relevant conditions for processing. “Processing” broadly means collecting, using, disclosing, retaining or disposing of personal data, and if any aspect of processing is unfair, there will be a breach of the first data protection principle – even if you can show that you have met one or more of the conditions for processing.
Fairness generally requires you to be transparent – clear and open with individuals about how their information will be used.
Transparency is always important, but especially so in situations where individuals have a choice about whether they wish to enter into a relationship with you.
If individuals know at the outset what their information will be used for, they will be able to make an informed decision about whether to enter into a relationship, or perhaps to try to renegotiate the terms of that relationship.
Assessing whether information is being processed fairly depends partly on how it is obtained. In particular, if anyone is deceived or misled when the information is obtained, then this is unlikely to be fair.
The Data Protection Act says that information should be treated as being obtained fairly if it is provided by a person who is legally authorised, or required, to provide it.
Example
Personal data will be obtained fairly by the tax authorities if it is obtained from an employer who is under a legal duty to provide details of an employee’s pay, whether or not the employee consents to, or is aware of, this.
However, to assess whether or not personal data is processed fairly, you must consider more generally how it affects the interests of the people concerned – as a group and individually. If the information has been obtained and used fairly in relation to most of the people it relates to but unfairly in relation to one individual, there will be a breach of the first data protection principle.
Personal data may sometimes be used in a manner that causes some detriment to (negatively affects) an individual without this necessarily being unfair. What matters is whether or not such detriment is justified.
Example
Where personal data is collected to assess tax liability or to impose a fine for breaking the speed limit, the information is being used in a way that may cause detriment to the individuals concerned, but the proper use of personal data for these purposes will not be unfair.
Some organisations share personal data with other organisations. For example, charities working in the same field may wish to use or share supporters’ information to allow reciprocal mailings. Some companies even trade in personal data, selling or renting the information. The individuals concerned must still be treated fairly. They should be told that their information may be shared, so they can choose whether or not to enter into a relationship with the organisation sharing it.
Why and how personal data is collected and used will be relevant in assessing fairness. Fairness requires you to:
be open and honest about your identity;
*****+++. tell people how you intend to use any personal data you collect about them (unless this is obvious);
*******+++ usually handle their personal data only in ways they would reasonably expect; and
above all, not use their information in ways that unjustifiably have a negative effect on them.
Is it possible to use or disclose personal data for a new purpose?
*********It depends on whether it would be fair to do so. You should explain why you want to use an individual’s personal data at the outset, based on your intentions at the time you collect it. If over time you devise new ways of using that information, perhaps because of changes in technology, you will be able to use their personal data for the new purpose if it is fair to do so.
When deciding whether you should give any other information in the interests of fairness, you have to take into account the nature of the personal data and what the individuals concerned are likely to expect. For example, if you intend to disclose information to another organisation, fairness requires that you tell the individuals concerned unless they are likely to expect such disclosures. It is also good practice to tell people how they can access the information you hold about them, as this may help them spot inaccuracies or omissions in their records.
When deciding how to draft and communicate a privacy notice, try to put yourself in the position of the people you are collecting information about. Ask yourself:
do they already know who is collecting the information and what it will be used for?
is there anything they would find deceptive, misleading, unexpected or objectionable?
are the consequences of providing the information, or not providing it, clear to them?
We have issued a code of practice on communicating privacy information to individuals – privacy notices, transparency and control. It explains how to draft clear and engaging privacy notices, and the importance of collecting information about people fairly and transparently. Following the good practice recommendations in the code will help organisations comply with the law.
Yours sincerely,
[Name Removed]
Re: Freedom of Information Act 2000 request made on 25 October 2016
Dear [Name Removed]
I am one of the lawyers in the Corporate Legal & Assurance Services Team.
I have been asked to respond to your email request dated 10 November 2016
for an internal review to be carried out following the response by one of
my colleagues to your request under the Freedom of Information Act 2000
dated 25 October 2016. I have now considered all the correspondence that
has taken place including your email dated 20 November, 2016 and reviewed
this matter. The FOIA request to which we responded on 10 November 2016
was as follows:
“ the Land Registry policy on profiling requesters (the data which applies
to the ‘digging’ stated)”
We responded to that request by confirming that we do not hold this
information as we do not profile requestors. Information is set out on
our social media policy under the headings of ‘Following’ and ‘Discussion
Policy’ from which you will see that we will unfollow accounts we believe
are malicious or spam. I set out below a link to this policy:
[1]https://www.gov.uk/government/organisati....
I have considered the correspondence also your recent response. I
consider that your FOIA request has been fully answered and I have nothing
further to add. This is a final review and if you are not content with the
outcome you have the right to apply directly to the Information
Commissioner within two months of this reply for a decision. The
Information Commissioner can be contacted at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF.
Yours faithfully
L Malpas
L Malpas, Lawyer, Corporate Legal & Assurance Services
Your land and property rights: guaranteed and protected. Since 1862 Land Registry has given assurance and confidence to the property market in England and Wales. Find out more at www.gov.uk/land-registry.
If you have received this email and it was not intended for you, please let us know, and then delete it. Please treat our communications in confidence, as you would expect us to treat yours. Land Registry checks all mail and attachments for known viruses, however, you are advised that you open any attachments at your own risk.
References
Visible links
1. https://www.gov.uk/government/organisati...
Dear Petty, Roger,
Thank you L Malpas
As a lawyer, you are, of course aware that, under copyright, Tweets content belong to the Tweeter, and may not be reproduced without their permission.
I would therefore presume that you have messaged the Tweeter concerneed before copying any Tweets.
Since you have not contacted me, which Tweeter did you contact for permission before adding content-owned Tweets to my file?
::
FYI
Ownership of a Tweets
Twitter respects the intellectual property rights of others and expects users of the Services to do the same. We reserve the right to remove Content alleged to be infringing without prior notice, at our sole discretion, and without liability to you. We will respond to notices of alleged copyright infringement that comply with applicable law and are properly provided to us, as described in our Copyright policy(https://support.twitter.com/articles/15795). If you believe that your Content has been copied in a way that constitutes copyright infringement, please report this by visiting our Copyright reporting form(https://support.twitter.com/forms/dmca) or contacting our designated copyright agent.
::
I will be reporting this to the ICO simply because no organisation should reproduce unidentifued Tweets to a member of the publics files - Without asking their permission for reproduction of their copyrighted material - and not advising them that you are doing so for a stated purpose.
Yours sincerely,
[Name Removed]
[Name Removed] (Account suspended) left an annotation ()
I have complained to the ICO that:
1. Unattributed Tweets have been collected and circulated to several senior members of the Land Registry, without my consent. They are attributed to me.
2. These unattributed Tweets are not in my SAR.
3. I should have the right to read them. ...as no FOIA exclusions have been made.
4. And challenge them - if I did not make these Tweets.
5. The Tweets are the copyright of the originator. Stated in Twitter T&C's.
6. Just because Twitter is a 'public platform' this does not give the government the right to reproduce copyrighted material.
7. That an public organisation should have a stated purpose in collecting internet information - especially unattributed information.
8. What the Land Registry is doing is basically collecting unattributed material and stating that a member of the public is the originator -without evidence.
9. That the public can ask credit agencies to provide their personal information via SAR's, to check accuracy
10. Why is it that the Land Registry is exempt from correction on its files?
:::::
The ICO's current stated position in its response is that government organisations have:
1. Every right to collect unattributed information - as Twitter, Facebook etc are 'public' platforms and therefore posters will have 'the expectation' that their posts will be collected by government organisations and filed on their personal files. Without their permission or knowledge.
2. That government organisations do not have to tell the member of the public what information has been collected on them - and can keep it secret from the person....even if that person has requested a SAR.
3. And do not have to give FOIA reasons for keeping the collected information secret, so that the person has no chance to correct or dispute the collected unattributed information on file.
4. That ALL publically available information on the internet, copyright or not, can be copied by government departments, without permission or payment.
5. That government departments do not have to have a stated sensible and logical reason for collecting unattributed information and ascribing it to ANY CITIZEN on its files.
:::::
This is my response -( without reproducing the ICO's response).
Thank you but the point is that the Land Registry is adding unsubstantiated copyrighted information from the internet to a file on me - held by themselves.
As I have explained, Tweeters hold the copyright of their Tweets.
So yes, an organisation employee can read any Tweet but cannot reproduce Tweets without checking copyright in platform T&C's and obtaining permission with the copyright holder.
I have sent you the Twitter T&C's - on copyright - but I'm sure that you must have verified them for yourself.
As explained, 'Digging' is not my term for what the the Land Registry has been doing - it is the Land Registry's.
::::
I have not disputed the fact that the internet is a 'resource available to anyone'.
But the information on it, such as books, videos etc can be read, or watched - but cannot be reproduced with the consent of originators, especially if it is clearly spelt out that the information is copyright.
This is the law:
https://en.m.wikipedia.org/wiki/Copyrigh...
::::
On the re- use of 'publically available' information.......which the ICO states is absolute.
Please explain your use of 'publically available information'.
Do you mean ALL publically available information?
- BBC broadcasts for instance?
- YouTube videos?
- Library books loaned from internet libraries?
My understanding from your response is that the argument is that the FOIAct supersedes copyright law.
Could you confirm that in writing please?
::::
The ICO states that an organisation does not need my consent in order to process my personal data....
But clearly not copyrighted information and it should verify the personal information is correctly collected.
There are obvious problems with collecting anonymous 'handled' information from the internet and adding it to the wrong file.
Surely if the individuals wanted to put 'personal information' online, they would put their own names online?
If they use a 'handle ' as the Land Registry has stated, then it is absolutely clear that they wish to remain anonymous ....and are protected by doing so by both their choice of anonymity and, in the case, of Twitter - copyright.
For instance, if I want to make a FOIA request, I have to give my real name, I cannot supply a 'handle' - the real name has to be verified before process.
::::
The ICO states that Tweets can 'even be reproduced'.
They can't - individual Tweets can be read and replied to but they cannot be reproduced - other than in response to a Tweets, on Twitter - as a reference to the original Tweet.
Twitter is a private company. It has owners and shareholders.
It is not a government body, which may allow replication of its work, like the ICO.
Please re-read the Twitter copyright terms and conditions. They are quite clear. All Tweets are copyright.
Any originator - of say a copied Instagram - can demand Twitter remove their work from it.
Twitter respects the copyright of other internet platforms.
Especially ..say a YouTube goes viral ..and is bought from the originator, who holds the copyright.
I agree that each individual contributor can contribute to Twitter can expect their views to be discussed, agreed with or challenged- but on Twitter.
It is called 'social media' for that reason. And that is how Twitter makes its profit- via its advertisements - on the back of individual contributions.
Please note - I didn't write the Twitter terms and conditions.
::::
Sally Bercow:
Twitter protects itself from libel by safeguarding itself position as 'the publisher ' by assigning copyright to Tweeters.
That means Tweeters own their Tweets and Twitter is not responsible for any 'hate crimes' or libel committed by its Tweeters- the individual Tweeters are.
Please read details of this this Sally Bercow Tweet legal judgement:
https://en.m.wikipedia.org/wiki/McAlpine...
NB It was not Twitter that was sued.
It was the copyrighted Tweeter. Who only wrote one line.
And I'm sure that you have read of arrests and convictions of trolls on the same type of social platform.
:::::
Reading' and ' retweeting' on the privately owned Twitter is an irrelevant argument. This is not under dispute.
The ICO points out that Tweeters have the option of protecting their accounts.
Thank you but I can also read the Twitter legal terms and conditions. Could you confirm that you have also done so?
Once again, Tweets cannot be copied - without the consent of the Tweeter, as previously stated.
News outlets, such as the Daily Mail have to ask permission...as they do on any other copyrighted material. So do any other government organisations - unless there is a legal reason for doing so e.g. Harassment, hate crimes.
However, I notice that from your response that you must be stating that you have read the withheld Tweets that I am concerned about, referred to on Land Registry files - which I have explained were withheld from my SAR.
As you have investigated the complaint thoroughly - with the LR - and that you are completely satisfied that I have made these copyright protected ' handled' SAR withheld Tweets - from the evidence presented on Land Registry files.
:::::
My logic is that if these Tweets are on my file and ascribed to me, then they should be within my SAR....unless a reason for withholding them is given. No reason has been given.
Since you have investigated my complaint thoroughly, could you provide the arguments given by the Land Registry on the withholding of this specified data?
This would provide proof of your investigative verification into my complaint.
:::
It is now my understanding from your response that the Land Registry( or any other similar government organisation) can collect copyrighted material, by reproducing Tweets and then adding unsubstantiated information - to any file of their choosing.
Please confirm this is your final stated legal position on the matter - and inform me of the next stage in your complaints process, if you have one.
[Name Removed] (Account suspended) left an annotation ()
Regulating Social Media Data
The Data Protection Act 1998 (DPA) implements the EU Data Protection Directive 95/46/EC. It regulates the processing of personal data through restrictions on how such data – including social media data – can be recorded, stored, altered, used or disclosed.
Under the DPA, personal data means data related to a living individual who can be identified, either directly or indirectly, from the data, or from other information held by the same organisation. There are concerns over the effectiveness of the DPA. The European Commission proposed a reform of the EU’s data protection rules in January 2012, to take account of new technologies and the changing ways that personal data are being used. The draft European General Data Protection Regulation (GDPR), is currently being debated in the European Parliament and could introduce more stringent regulation of social media data. However there is significant political disagreement about the Regulation and it is unclear whether it will proceed in its current form. Key concerns about data protection and privacy are outlined below.
Giving Consent
Under the DPA, individuals must give their consent for their personal data to be processed by an organisation, both at the stage of initial registration for a social media service, and for any subsequent changes to the terms of use of the data.
http://researchbriefings.files.parliamen...
J A Giggins left an annotation ()
Interesting that the Land Registry says it has a Twitter alert for every mention of their organisation name..... I wonder how many other public organisations that applies to? And how much time is spent monitoring the feed, plus of course how the information is redistributed/used. Where commentary/opinion is added I agree that it should be disclosed in a SAR so that you have an opportunity to make corrections if it is incorrect.
[Name Removed] (Account suspended) left an annotation ()
I agree.
It seems as if government organisations interpret anyone making an FOIA as 'The Enemy'. Then trawl the internet to get information on them. Personally I find it creepy - and even more so when records are made without disclosure and without a reason for doing so. What on earth are they going to prove?
If a person collected someone's Tweets for no understandable reason ....we'd find it very odd.
[Name Removed] (Account suspended) left an annotation ()
Regarding the law and collection of personal data - without permission.-
https://en.m.wikipedia.org/wiki/Data_Pro...
[Name Removed] (Account suspended) left an annotation ()
Apparently it's perfectly ok that the Land Registry put very personal information files as responses to WDTK requests.
And I'm 'frivolous' for having reported it a DPA breach.
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now
[Name Removed] (Account suspended) left an annotation ()
Snooping on members of the public who contact government organisations.....
HS2 chiefs planned to snoop into the sex lives, mental health and political views of opponents of the controversial project
The company's Privacy Notice, which has now been withdrawn, revealed how HS2 could access data relating to people's 'racial, ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health condition, sexual life,' as well as criminal records.
Staff and suppliers were subject to these checks, as were 'complainants, correspondents, litigants, claimants and enquirers'.
HS2 also had the power to gather this information from the individual, as well as a variety of organisations, including HM Revenue and Customs, utility companies, lawyers, doctors, credit reference agencies and trade bodies.
::::
Meanwhile, a spokeswoman from the Information Commissioner's Office said: 'The law says that organisations processing people's personal information must ensure individuals understand how their details are going to be used.
'They must be open with people about how their information may be used and must also avoid excessive data collection.'
Both organisations emphasised the need to comply with the Data Protection Act 1998.
http://www.dailymail.co.uk/news/article-...