We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
IMPORTANT: Please make sure your posts do not contain any personally identifiable information (both your own and that of others). When uploading images, please take care that you have redacted all personal information including number plates, reference numbers and QR codes (which may reveal vehicle information when scanned).
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Article 13 GDPR (Data Protection Act 2018)
Comments
-
jackfrost1 wrote: »I do wonder how the PPCs have set themselves up to deal with GDPR.
I wonder if it would be possible to bury them under so many Data Subject Access Requests that they cannot meet them? (ie requests from you and me to see what they hold/how they process our data)
The deadlines are quite strict and there is the potential for harsh penalties if they are found not to be compliant.
They have probably done nothing, or very little - in common with most companies or public bodies (who are not exempt). Law enforcement is slightly different, there is a separate little-known set of rules called the "Law Enforcement Directive" which EU member states should have signed into law on the 6th of May, but the UK instead rolled this legistlation into the Data Protection Bill alongside EUGDPR.
The big change between the DPA and DPB/EUGDPR is that Subject Access Requests no longer carry the £10 fee - so if a sufficiently large entrepreneurial group of people could indeed orchestrate the submission of a large number subject access requests at the same time to a PPC. There is a caveat in the legislation that allows the data processor to levee a charge if the request is deemed "manifestly unfounded or excessive", so a data subjected sending repeated requests themselves is likely to fall into the category.
To make a SAR request you don't even need to have received a parking notice - simply making use of a free ALDI Parking Eye car park (for example) and being the registered keeper of a vehicle captured on CCTV/ANPR means that the data processor (Parking Eye) hold personally identifiable information that you are entitled to request.
The potential for harsh fines is unlikely to arise except maybe in the most serious circumstances - the ICO is severely underfunded and toothless and doesn't fine anywhere near it's currently permitted limit so it's unlikely to do so after GDPR. If you report non-compliance to the ICO (as I have done) the response from them is that you would need to take the organisation to court for breach.0 -
I think that caveat is designed to stop one person making numerous vexatious requests.
It would be nigh on impossible for a PPC to claim that multiple subject access requests were part of a concerted group effort0 -
Section 173(3) now makes it an offence to "alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive"jackfrost1 wrote: »The deadlines are quite strict and there is the potential for harsh penalties if they are found not to be compliant.0 -
-
But you don't normally enter a "legal" contract when you pass a CCTV camera, well I hope not!Computersaysno wrote: »The same way every CCTV operator in the UK [and there are a few of those] will do....0 -
Looks like Parking Eye have updated their privacy policy:
https://www.parkingeye.co.uk/privacy-policy/
They have a phone number with a recorded message detailing the privacy policy - 0333 1235 984 :-)0 -
HX Car park management give the following on their web site in their response to GDPR ...
'1) If parked within the terms and conditions of the car park for the full duration of your stay
As a compliant user of our privately managed car parking site, the personal data we obtain is your registration number. We may capture images of the vehicle, occupants or bystanders. A full list of your Rights under GDPR are summarised above. Where your data is obtained it will be retained for 3 months only. We then erase your registration and any other images from our records.'
I can see no legitimate interest in holding these data for three months if a 'compliant' user of their 'facilities'. From tomorrow I will be sticking in a data request every time I park in an ANPR facility.0 -
I'm just finished listening to the parking eye privacy recording - took 5 minutes end to end! I wonder how that works in with grace periods....0
-
-
SAR bombs are currently being primed!I wonder if it would be possible to bury them under so many Data Subject Access Requests that they cannot meet them? (ie requests from you and me to see what they hold/how they process our data)
Please note, we are not a legal advice forum. I personally don't get involved in critiquing court case Defences/Witness Statements, so unable to help on that front. Please don't ask. .
I provide only my personal opinion, it is not a legal opinion, it is simply a personal one. I am not a lawyer.
Give a man a fish, and you feed him for a day; show him how to catch fish, and you feed him for a lifetime.Private Parking Firms - Killing the High Street0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards