Euro-folks: Data Protection Laws and Lulz

I've been looking for local law firms who do drop-in advice sessions and have a couple of leads that I'll check out tomorrow and see if I can run the drafts of this letter past them.

For the same reason that Scientology will try to use every loophole available, I do want to use the paragraph "
The information provided in this letter is to be used only for providing myself with copies of any and all private information held on the Church Of Scientologys records."

I want to make sure that they can't use an argument like "well he said the information we already have - we recieved this information after the info we already have." I don't think they have anything other than a few photos of me without a mask on (although they've probably linked this username to the photo now) and the info on this letter would be a goldmine.

Either they comply 100% with the letter and the law and I'm safe from fair game, or they ignore it, fair game me and I have the information commisioner pay for my lawyers.

I've also expanded a little bit on the reasons why I'm telling them to stop all processing - this seems to be the only part of the law which is possibly open to interpretation and discussion so I want this to be a slam dunk.

This is the draft at the moment (few gramatical errors I've noticed as well):

Quote:

Dear Sir,

I am writing to you to make a Data Subject Access Request (DSAR) as provisioned in the Data Protection Act. I hereby request a copy of all documents and personal information relating to myself, including memo's, contact cards, private investigator contracts for myself, CCTV and photographic images. Please find enclosed a postal order for the value of £10 – the maximum amount that you are allowed to charge an individual for providing this information under law.

I would like to remind you that you have 21 days to provide all the information that the Church of Scientology holds on myself and not to do so will be another breach of the Data Protection Act committed by the Church.

I have reason to believe that the Church Of Scientology is holding personal information on me, on the basis that I was photographed by a Scientologist as I was speaking to a police officer while expressing free speech at a peaceful protest. This was outside the York mission of Scientology on March 15th 2008 and will be verified by other peaceful protesters as well as the officer I was speaking to. If needs be, they will be called on as witnesses in a court case if you fail to produce the information on myself. I was also photographed at the peaceful protest on February 10th by Scientologists although I wore a mask then. I have enclosed a passport photograph of myself to help you identify which photos are of me.

I am also taking this opportunity to make a formal request for the Church Of Scientology and all of its associates to cease all processing of information about myself. My reason for this is that Scientology has in the past conducted a policy called Fair Game where it endlessly and illegally harasses critics for simply expressing their right to free speech.

While the organisation has indeed retracted the term Fair Game, it is completely obvious that the policy is still in effect – most likely under a different name – due to hundreds of hours of footage and thousands of victims accounts of themselves being "fair gamed". Indeed several people who peacefully protested the organisation of the Church of Scientology on February 10th and March 15th 2008 have reported being "fair gamed". The most high profile case of this being the false arrest and imprisonment of Sean Carasov on suspicion of terrorism. These charges were subsequently dropped and instead charges of filing false police reports were placed on the Church of Scientology.

Because this policy, if it were to target me, would obviously cause me distress by being stalked, having my privacy invaded as well as the false reputational reprocussions, I am ordering the Church to cease any and all processing of information relating to myself. This is my right under the Data Protection Act. Failure to comply with this will result in a complaint to the Information Commissioners Office as well as legal action being taken by myself to claim compensation, again as provided under the Data Protection Act.

The information provided in this letter is to be used only for providing myself with copies of any and all private information held on the Church Of Scientologys records.

I look forward to your reply with all the personal information on myself as well as written confirmation that you have stopped all processing of information, or the reason that you have not, within 21 days.

Quote:

Originally Posted by Theta Omega

You have a good point, well made.

Shall we turn this into a form letter that people can fire off at zero effort? :)


Excellent, and yes- that is exactly the strategy we can take. The ICO will do our dirty work for us. They are looking for a win at the moment, and this is an easy one for them. Fair Game information gathering is completely illegal under the Data Protection Act.

I do think that you should remove the part about the charity donation, though- if they're going to refuse to comply, you should force them to return the PO :-)

If it's anything like Freedom of Information (and I admit that I'm not sure it is) you need to be careful of organised copypasts bombardment - the authorities frown on it and in the case of FOIA, your query can and will be refused. This may be different given that it's about your own personal info, but still. It might be an idea to word individual requests.

Quote:

Originally Posted by Anonyunderpants

According to DPA to cease processing information you need to provide a solid reason that you believe the data will cause you harm, otherwise the company can ignore the request.

Cite Bonnie Woods. Legal precedent that resulted in Scientology paying out to her and having to publicly apologise. Case closed.

A word of caution.

If you are looking for CCTV information that might be stored about you, remember that the CO$ can turn this about on you if you have made any recordings of them.

for Irelandanons, here are the CCTV rules of the Data Protection Act 1988 and 2003
Data Protection & CCTV - Data Protection Commissioner - Ireland

Maximum price they may charge for supplying the information €6.35
and they can only retain the information for 40 days.

and for all you Euroanon out there:

European Union Data Protection Authorities
Austria http://www.dsk.gv.at/
Belgium http://www.privacy.fgov.be/
Bulgaria http://www.cpdp.bg
Cyprus http://www.dataprotection.gov.cy/
Czech Republic http://www.uoou.cz/
Denmark http://www.datatilsynet.dk/
Estonia mailto:urmas.kukk@dp.gov.ee
Finland http://www.tietosuoja.fi/
France http://www.cnil.fr/
Germany http://www.bfd.bund.de/
Greece http://www.dpa.gr/
Hungary http://abiweb.obh.hu/
Ireland http://www.dataprotection.ie/
Italy http://www.garanteprivacy.it/
Latvia http://www.dvi.gov.lv/
Lithuania http://www.ada.lt/
Luxembourg http://www.cnpd.lu/
Malta http://www.dataprotection.gov.mt/
Netherlands http://www.cbpweb.nl/
Poland http://www.giodo.gov.pl/
Portugal http://www.cnpd.pt/
Romania http://www.dataprotection.ro
Slovakia http://www.dataprotection.gov.sk/
Slovenia mailto:jernej.rovsek@varuhrs.si
Spain http://www.agpd.es/
Sweden http://www.datainspektionen.se/
United Kingdom http://www.dataprotection.gov.uk/

The more and more i read about this the more i love it, and the more im realising why we arent really seeing any US style fair gaming over here.

Combined with the Bonnie Woods case, pretty much everything theyve done in US; Posting info on internet, Giving Info to PIs, would leave them in deep shit legally here. And i think a few well placed requests from people who have been photographed could lead them to stop photographing whatsoever.

Worries about them using your additional info, name/address are protected against due to "Personal information may be kept for no longer than is necessary." so they can only keep your name info while they're dealing with your request, and "Require that data is not used in a way which causes damage or distress." so if they do attempt to do anything with your data they are in violation and in deep shit.

I'd be really interest for more infomation about how they have prove you have no infomation about you, all the stuff in government material assumes they either comply or do not comply, nothing about lying.

Also, I freaking love UK laws.

Bonnie Woods is fantastic! Thank you! I believe I've found the law firm which handled her case (free of charge according to The Guardian!) and I'm gonna give them a bell later to see if they'd be interested in covering us should we be fair gamed.

I don't think that it was a conviction regarding DPA though - seemed to be more general damages according to the reports I've read. I don't want to go down the road of "If you fair game us we'll sue for damages" - I want to stay along the lines of "If you break the data protection act, we'll sue for damages". I reckon those pesky cultists might take the first one as a challenge...

Either way, another paragraph:
"Also note that on June 8th 1991, Scientology was ordered to pay damages of £55,000 as well as £100,000 in costs to Bonnie Woods. This was due to publishing false and demeaning information about her to the general public for simply speaking out against the Church - an obvious example of the Fair Game policy still being in effect."

I don't see how they can turn this on us dub - we're not a public entity registered with the information commissioner. As long as we're stood on public property or we have the property owners permission, we have the right to take photos of whatever we damn well please as long as they're for personal use.

As for turning this into a prefab letter, I don't want to fall foul of us spitefully filing requests. I work for a bank and I know we were inundated with pre-formatted DPA requests regarding bank charges (some people didn't even bother to change the names on the letters) and we didn't ignore them. Considering the scale of the bank charges campaign, I'm surprised that the "higher-ups" didn't decide to ignore the obviously pre-formatted letters if it were illegal. Having said that, I'd rather put together a guide with some set phrases (such as the last two paragraphs of my current draft) as well as examples and sources for anons to put together themselves. Again, I don't think it's illegal to use pre-formatted letters but we've learnt not to give them an inch.

Quote:

Originally Posted by anontourist

What we ought to do is get a lawyerfag to draft a copy of the letter and have some of us hand in the letter, at the protests, for mega lulz.

Well, you can do that, but unless it's sent by registered post to the registered Data Controller's address listed on the DPR, it has no legal force.

Quote:

Originally Posted by musketeerwang

If it's anything like Freedom of Information (and I admit that I'm not sure it is) you need to be careful of organised copypasts bombardment - the authorities frown on it and in the case of FOIA, your query can and will be refused. This may be different given that it's about your own personal info, but still. It might be an idea to word individual requests.

Actually, the ICO's Data Protection Act website gives a suggested form letter to copypasta. I don't think they care. Data Subject Access Requests are supposed to be entirely automatic (ie., they have no right to refuse) for an organization to respond to.

Quote:

Originally Posted by dub

A word of caution.

If you are looking for CCTV information that might be stored about you, remember that the CO$ can turn this about on you if you have made any recordings of them.

Actually, no they can't. Individuals are allowed to store information for personal purposes. There is no right to retrieval unless the information is stored for one of the purposes listed in the Act.

Also, I love you dub, that list of Data Protection Agency sites is exactly what we needed. THIS IS GOING TO WORK.

The CoS got owned by the Hungarian Data Protection Registrar, too. See page 51 of this PDF.

A tiny thing, but would it be worth changing:

Quote:

Originally Posted by Anonyunderpants

I hereby request a copy of all documents and personal information relating to myself, including memo's, contact cards, private investigator contracts for myself, CCTV and photographic images.

to:

Quote:

Originally Posted by Anonyunderpants

I hereby request a copy of all documents and personal information relating to myself, including but not limited to; memo's, contact cards, private investigator contracts for myself, CCTV and photographic images.

Or not? either way good work to date!

great idea, one remark:

Quote:

These charges were subsequently dropped and instead charges of filing false police reports were placed on the Church of Scientology.

im not sure if they were placed already and in case they were, whether it was against the entity "Church of Scientology" or against an individual member.

I've been speaking to the Data Commisioners office. Ladies and gentlemen, we have our ace in the sleeve. We have 100% protection from Fair Game in the UK. I'm writing up a full report but probably wont be able to post it until after entub comes back online.

We're not far wrong with the current draft - there's just a couple of clarifications and amendments to do but what we're saying and hoping is 100% correct. UK Anons are safe - the data commissioners office has our backs.

The Data Protection Registrar is pretty much the dog with bees in its mouth so when it barks it shoots bees at them, I gather.

Someone needs to legally change their name to Xenu and then put in data protection act request - for great justice.

Quote:

Originally Posted by Anonyunderpants

I've been speaking to the Data Commisioners office. Ladies and gentlemen, we have our ace in the sleeve. We have 100% protection from Fair Game in the UK. I'm writing up a full report but probably wont be able to post it until after entub comes back online.

We're not far wrong with the current draft - there's just a couple of clarifications and amendments to do but what we're saying and hoping is 100% correct. UK Anons are safe - the data commissioners office has our backs.

That's awesome news! Thanks for doing my dirty work for me.

As I said earlier, the Information Commissioner's Office has had a lot of bad press lately in the UK what with the huge leaks of government information about people's private business and stuff. They are looking for good publicity and easy wins, and protecting all of us- though no doubt they'll paint us as a bunch of kids- from an evil cult is an extremely easy win for them.

Ok people, report time!

What's the idea?
We intend to use the data protection act to do one of two things - either to provide 100% complete and utter protection from fair gaming in the UK (and most likely in all EU countries), or we will catch them with their pants down their ankles, arseholes lubed up with spread cheeks as they break the data protection act and incur a full investigation into all procedures and practices by the Information Commissioner.

What's the drawback?
To do this you WILL be made known to them. If you're being fair gamed already then it's not going to make any difference. If you're not being fair gamed then you're handing all the details they need to fair game you on a silver platter with a "please rape me" sign on. However. If they do rape you, there will be a full investigation including incredibly hefty fines as well as the complete and utter loss of the right to hold personal data by the cult. Oh, and you'll be entitled to a very very nice sum of compensation which will be a slam dunk court case.

So what's the theory?
The Data Protection act provides you with a certain amount of rights with regards to personal information held about you anywhere in the UK as well as placing harsh restrictions on companies on how they hold and use that information.

You can read the full act here:
Data Protection Act 1998 (c. 29)

You can read the information commissioners explanation of the act as well as their summary of your rights here:
The Data Protection Act - Information Commissioner's Office - ICO

Quote:

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

* Fairly and lawfully processed
* Processed for limited purposes
* Adequate, relevant and not excessive
* Accurate and up to date
* Not kept for longer than is necessary
* Processed in line with your rights
* Secure
* Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

Should an individual or organisation feel they're being denied access to personal information they're entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner's Office for help. Complaints are usually dealt with informally, but if this isn't possible, enforcement action can be taken.

What this means is that the private data that Scientology uses to track and harrass critics must be correct and must be processed in line with your basic rights. They CANNOT give out your personal information without your consent and they can only use the information ever given to them for the purpose that it was given to them. If you gave them any personal information say, to request something that you're entitled to under, it would be very very illegal for them to use that information to fair game you.

So, the particular parts that we're looking at.

1. You have the right to request a copy of all the information held on yourself by a company. This includes all personal information, any internal documents or memos about yourself, CCTV and photos etc. To do this is called a Data Subject Request. Companies are allowed to charge up to £10 to provide you with this information and must do so within 40 days of recieving a request.
Source: How to access information - Information Commissioner's Office (ICO)

2. You have the right to request them to stop processing your information if you have good reason to believe it will cause you unnecesary distress. This is fair game. You have the right to tell them to stop fair game, and if they do not then the information commisioner will wade in, lawyers first. This does not cost anything and simply takes the form of a letter. They have 21 days to confirm that they have stopped processing your information or provide the reason that they have not. If the reason is not good enough or you believe it is false, then you can send the information commisioner in.
Source: Preventing processing of information - Information Commissioner's Office (ICO)

I spoke to the information commissioners office on the phone (08456 30 60 60) and confirmed the following:
- The Church Of Scientology would not be allowed to post your personal information including, but not limited to, age, date of birth, photos, address, phone number, sexual preferences, past convictions, current convictions, ailments and accusations to the general public or to other companies without your consent.
- Regardless of the other illegalities of fair gaming and harrasing you and your friends, fair game is more than enough justification to tell them to stop processing your information and the Church Of Scientology must comply by law. The lass that I spoke to confirmed that sh