Search
Content type: Examples
12th August 2019
The Home Office Christmas 2018 announcement of the post-Brexit registration scheme for EU citizens resident in the UK included the note that the data applicants supplied might be shared with other public and private organisations "in the UK and overseas". Basing the refusal on Section 31 of the Freedom of Information Act, the Home Office refused to answer The3Million's FOI request for the identity of those organisations. A clause in the Data Protection Act 2018 exempts the Home Office from…
Content type: Frequently Asked Questions
27th October 2020
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content type: Examples
17th May 2019
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of content typed into emails or Word. The data was originally transmitted to the US, but in an effort to comply with GDPR Microsoft had switched to storing the data in Europe. The Dutch government was…
Content type: Explainer
30th July 2020
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content type: Frequently Asked Questions
28th May 2020
The right to access your personal data (or access right) is just one of a number of data rights that may be found in data protection law, including the European Union's General Data Protection Regulation. Data Subject Access Requests, or DSARs, have helped us several times understand the extent of data companies and governments might hold on us, how this data might be shared among various recipients, or what other third parties a company might be using to obtain additional data and enrich their…