Monday, 7 April 2008

Some one's got the hump!

Well, you take a few days off and all hell breaks loose.
That odious little man at the Corner Shop (Mr Rigg for it is he) has certainly got the hump(s)

Whilst his technical analysis is both amateurish and ignorant of how my Site Meter works (the link he highlights is a basic prĂ©cis for the public, it’s not the full version which I have access to) he has caused a few problems for this site.

The route to the Site Meter has always been open for anyone to view – there is nothing to hide about visitor rates and no claims as to self inflated figures have ever been made etc (unlike his site where no public access to his “popularity” is available). Without my own log on details, this site has always enjoyed an increasing readership base. However, by publicising the fact that the link exists, attempts have been made to “hack” into the site (and my computer) via the open gateway – my AVG and Zone Alarm software is working over time.

The Site Meter link is therefore off line at the moment, and whilst Mr Rigg will pop many a gasket with claims of skulduggery, it’s his fault that this happened.

What a paranoid man he has turned out to be.

However, what is more important is that his obsession with this site (Graham, why do you get up so early to check what I have posted on?) has meant that I have had to look at the legal situation and the following information has been offered by my advisor – something which perhaps “all” bloggers (and one in particular) should take note off before the situation escalates to far for certain individuals.

As we all know, the Data Protection Act regulates the collection and use of personal data. As such, IP addresses become personal data when combined with other information that is held (by any source) i.e. a name or a very specific location. The Site Meter link offered only an IP (or ISP address), whilst Mr Rigg has offered both an address and name. In my case, he has highlighted my name and my IP address – this is against the law and contravenes the Data Protection Act as he has identified electronic data about myself without my permission.

This will be taken up as a separate issue.

For anybody else who has recognised their IP address or has had their name highlighted (though not necessarily linked to an address) you need to be aware of the comments of the Information Commissioner, Elizabeth France, in 2001 (the legal precedent has not changed) who passed the following judgement:

“If static IP addresses were to form the basis for profiles that are used to deliver targeted marketing messages to particular individuals they, and the profiles, would be personal data subject to the Data Protection Act 1998. Thus the scope for using IP addresses for personalised profiling is limited…They will only become personal data if the website operator has some means of linking IP addresses to a particular individual, perhaps through other information held or from information that is publicly available on the internet”.

This interpretation also includes the deliberate linking of IP addresses and individuals names. May name have been linked to an individual IP address by Mr Rigg – this is interpreted by the Data Protection Act as personal profiling. This is against the law.

To make matters worse for Mr Rigg, the independent advisory EU body called the “Article 29 Data Protection Working Party” (it sets guidance rules for member state's) has offered the following binding judgement on how data cannot be used:

“The possibility exists in many cases, however, of linking the users IP address to their personal data (which is publicly available or not) that identify him/her, especially if use is made of invisible processing means to collect additional data on the user (for instance, using cookies containing a unique identifier) or modern data mining systems linked to large databases personally identifiable data on internet users”

The use of caches, cookies, and Google links to link IP addresses and names are therefore against the law.

This will be taken up as a separate issue.

Finally, lets us not forget how the Data Protection Act has been officially interpreted:

“If you wish to use IP addresses to identify or build a profile on each….visitors as an individual, even if they are never identified by name, you should assume that the Data Protection Act applies…. A Court will be influenced by the Information Commissioners guidance on this point….(and) gain consent before processing an IP address for these purposes, for example, via a data protection notice”

Therefore before any IP address can be linked to an individual, consent must be first obtained. The person who has offered this information, in this case Mr Rigg, must also issue a data protection notice or register as a data holder. I am 99.99% sure he has not done so. If he has, the public must have access to this notice.

I am surprised at Mr Rigg, surely he should have checked out his legal position in full before he embarked on his paranoid venture – but then again, this is the man who is pivotal to the BRENDA affair and the slanderous allegations which were made on his site and which he allowed to sit there unchecked.

It looks like his complete lack of intellectual judgement has let him down once again.

1 comment:

Dixon of dock green said...

Peter, I wonder if old 'Brown Tongue' Curly is browning somewhere else at the very thought of himself having broken the law.
He might even be sharing a cell with Mr Dix!