Subject Access Request to ISP under Data Protection Act 1998

Glum

Hi all. Can anyone confirm if they have ever received any kind of internet log information from their ISP or telecom provider?

As far as I can see, one's personal internet activity log is 'personal data' under the meaning of the Data Protection Act 1998, and as such, should be disclosed in response to a 'Subject Access Request', or am I missing something?

If you think you can shed any light on this legal issue, it would be helpful if you could provide a reference for the information since anecdotes tend to muddy the waters. To clarify, I am not seeking information about any third party, just data from my own private domestic internet connection so I can investigate claims of possible system errors causing widescale overcharging.

Thanks.

Buzby

If you mean your IP logs these are not relevant as they are not 'personal' data as anyone using your WiFi or computer could find the bill payer seeking access to sensitive information.

A SAR will provide all the details they hold on your account, which you will know already. The web logs do not explicitly identify you, and are excluded.

Glum

Thanks Buzby

As expected, this is not a simple issue and is bound to raise more questions.

When you say the IP logs are not 'personal' data, can you clarify what sort of data they are under the DPA?

Why would a SAR only cover my account details if I also asked for web logs?

If, as you say, the web logs do not explicity identify me, then how can I be billed using the data in those logs? And how could anyone accuse me of any online-related offence if the data in my log is anonymous?

More to this than first thought... Any help appreciated.

mjm3346

Maybe because the logs identify the use of that connection which is all they need for usage billing, they don't need to know who was actually using your computer/tablet etc.

VisionMan

Glum wrote: »

Thanks Buzby

As expected, this is not a simple issue and is bound to raise more questions.

When you say the IP logs are not 'personal' data, can you clarify what sort of data they are under the DPA?

Why would a SAR only cover my account details if I also asked for web logs?

If, as you say, the web logs do not explicity identify me, then how can I be billed using the data in those logs? And how could anyone accuse me of any online-related offence if the data in my log is anonymous?

More to this than first thought... Any help appreciated.

Its actually far more complicated than that. As all ISP's have the ability to actually view an individual users internet activity, but very rarely use it. Certain sites are 'red flagged', and if a user accesses such sites, THEN your account and internet activity would pop up for their attention.

Such activity is not only accessible by your ISP, but also external authorities too.

What websites do you/are you trying to access?

Buzby

The info you seek is now a legal requirement for retention (two years worth) but this is deemed not to be supplied to the customer as it has no use for billing purposes, what would be more relevant is your data transfer limits which are difficult for you to define - yet again, this is available but not supplied.

This is no different than Sky knowing what you watch and when and also record using their PVR. A SAR will not supply this data either!

chanz4

why op what ilegal activity have you been upto

Glum

I think you missed the point. The assumption is that the ISP might be illegally overcharging for bandwidth I haven't used.

With regards to DPA, advice from OIC is that the usage logs directly relate to my account and could indeed be regarded as personal data. I will submit a SAR and see what they do. If they try to withhold anything they could be breaking the law and OIC will investigate.