Connecting to free wifi at venues ? Make sure you read the small print!

DATA REGULATION / CONTRACT Live events sector Some 22,000 people have agreed to undertake 1,000 hours of community service – including cleaning festival toilets and scraping chewing gum from the pavement – in return for free wireless internet, reveals an experiment designed to illustrate a lack of awareness among consumers signing up for free in-venue wifi. Purple, who launched the experiment, said “We welcome the strengthening of data protection laws across Europe that GDPR [General Data Protection Regulation] will bring. Not only will it give wifi end users more control over how their personal data is being used by companies, it will also raise the level of trust in the digital economy”. During the experiment users were given the chance to flag the unreasonable condition in return for a prize. But only one person did. In separate news, Belgium newspaper De Standaard reports that the Belgian Privacy Commission is investigating the way the Tomorrowland festival shares ticket buyer data with the federal police to screen attendees for security reasons. 8 ticket-buyers have been excluded from the Belgian festival this year –    

Anonymous hackers jailed for cyber attacks
Data Protection , Internet , Privacy / February 2013

PRIVACY / COMPUTER CRIME Internet   A student and a church volunteer have been jailed for carrying out cyber attacks with the hacking group Anonymous, including one online assault that cost the payments giant PayPal at least £3.5m. The attacks targeted anti-piracy and financial companies between August 2010 and January 2011. Christopher Weatherhead, a Northampton University student, was sentenced to 18 months in prison on Thursday for his part in distributed denial of service (DDoS) attacks on PayPal, Visa and Mastercard in December 2010. Judge Testar also sentenced Ashley Rhodes, 28, to seven months in prison for his part in the activities of the self-styled “hacktivist” group. Rhodes, a church volunteer from Camberwell, south London, sighed and leant his head on the back wall of the dock as his jail term was read out at Southwark crown court. A third man, Peter Gibson, 24, was given a suspended six-month prison sentence for his part in the Anonymous attacks. The sentencing of a fourth man, Jake Burchall, 18, was adjourned. The Ministry of Sound estimated the cost of the attack on its sites as £9,000, while the International Federation of the Phonographic Industry’s costs were more than £20,000 and the British Phonographic Industry’s…

Trolls unmasked by mum

INTERNET Technology, Criminal Law, Data Protection The High Court has ordered that Facebook must reveal the IP addresses of internet ‘trolls’ who abused a woman user after she posted comments supporting failed X-factor contestant Frankie Cocozza. Nicola Brookes (45) received more than 100 ‘vicious and depraved’ messages, and trolls then set up a fake profile in her name and image– spamming Cocozza’s 98,000 online fans and seemingly suggesting that Brookes wanted to lure young girls.  Some messages falsely described her as a drug dealer, a prostitute, a paedophile and known child abuser, and others attempted to ‘befriend’ young girls. Her home address and personal email address were published. Sussex Police did not successfully intervene in Ms Brookes’ case, but Liam Stacey, received a 56 day prison sentencing after tweeting racist abuses about Bolton Wanderer footballer Fabrice Muamba after he collapsed with a heart attack during a premiership match against Tottenham Hotspur in March. Ms Brookes still uses Facebook. Solicitors Bains Cohen agreed to take the case pro bono and Rupinder Bains said Facebook had not contested the Norwich Pharmacal  action, and had agreed to hand over the information within six weeks. In India global hacking movement Anonymous has called for…

Cookie Update: Simkins’ Early Warning 14/06/2012 – A tough cookie to crack – update on implied consent
Data Protection , Internet , Privacy / July 2012

DATA PROTECTION, PRIVACY Internet, Technology   Following on from Simkins earlier report (, the ICO’s grace period for cookie compliance came to an end on 26 May 2012. The ICO has now also revised its guidance on the use of cookies. The revisions consist of new commentary on the scope for reliance on implied consent. The ICO acknowledges that implied consent can be a valid means of obtaining the user’s informed consent – especially in the case of analytics cookies, where implied consent may be a more practical and user-friendly means of obtaining consent. If the site operator is to rely on implied consent, the user must take some kind of step (such as visiting a website, navigating to a certain page, or clicking on a particular button) from which the user’s consent to the setting of cookies can reasonably be inferred. Simply visiting a website is not enough to imply consent on its own: there must be a sufficient indication that the user understands and agrees that, in addition to providing content or services, the site operator may store cookies on the user’s device. Implied consent depends, therefore, on providing the user with clear and readily available information…

ACS:Law’s owner fined just £1000 for data leaks

COPYRIGHT / DATA PROTECTION Internet Andrew Crossley, former principle of ACS:Law, the legal firm which had previously targeted alleged P2P file sharers,  has been fined £1,000 by the Information Commissioner’s Office in relation to the data-spill that occurred from ACS:Law’s servers, which revealed personal details about over 6,000 suspected file-sharers. The data spill occurred after ACS:Law accidentally published private data about potential defendants  when their servers were targeted by a Distributed Denial Of Service attack by those who opposed the law firm’s tactics. The ICO’s investigation showed Crossley had taken no professional advice when setting up his server, had no firewall and was relying on a web security package designed for domestic use. However the much lower fine was applied because ACS:Law no longer exists and Crossley seemingly pleaded “limited” financial resources.  A fine of up to £200,000 could have been imposed. PC Pro magazine has reportedly asked the ICO how they verified Crossley’s “circumstances”. More on data – the three-strikes system administered by the Hadopi agency in France was put on hold in mid-May after a data spills. The agency was recently sending 5,000 warning letters per day to suspected file-sharers, but the letter sending was halted when it…

Websites and the law in the UK
Copyright , Data Protection , Internet , Trade Mark / September 2005

COPYRIGHT, TRADE MARK, DATA PROTECTION Internet This is a link to a useful article by John Simmons of Collyer-Bristow, solicitors, on managing to stay within the law with a UK website: ‘Keeping Your Website Legal’. See:

Data Protection Act Guidelines – a Practical Summary By Sarah G Staines, solicitor

DATA PROTECTION AND PRIVACY Retail, Merchandising, Internet, Artists ARTICLE:  The Data Protection Act 1998 (the “Act”) is unusual in English law in that it gives considerable discretion to the person (or company) controlling and handling information which identifies living individuals. There are eight Data Protection Principles in the Act which oblige “best practice” when businesses are collecting, using or keeping computer (or other regulated paper system) stored information, which identifies living individuals. The Act uses obtuse definitions such as “data subject”, “personal data” and “data controller”. The supervisory authority enforcing the Data Protection Act – the Information Commissioner’s Office (ICO) encourages business owners to “embrace the spirit of the legislation” and recommends a practical and pragmatic approach to the Act; but only provides guidance which it admits is intended for lawyers and not for Directors or Managers of SME’s. One thing is clear – paying lip service to the Act is not an option; even if your business is “notified” to the Information Commissioner as a controller of personal information, unless you are complying with the Act your actions could lead to civil and/or criminal prosecution. What is Personal Data? The starting point is to decide whether the information is protected by the Act. In…

Criminal Proceedings Against Lindqvist ECJ C101/01
Artists , Data Protection , Internet , Privacy / November 2003

DATA PROTECTION AND PRIVACY Internet, Artists This case arose out of a simple set of facts. A religious instructor for the Swedish Church, Bodil Lindqvist, posted up webpages on her home computer which were aimed to help parishioners prepare for their confirmation. The administrator of the Swedish Church’s website provided a link from their website to the defendant’s webpages at her request. The webpages contained information about colleagues of the defendant with first names and in some instances full names, address and telephone numbers. The defendant also remarked that one colleague was on half time work because of medical reasons – she had injured her foot. The web pages were mildly humerous but the defendant had not asked for permission from any of the parties featured. She also had failed to notify the Datainspektionen, the relevant Swedish supervisory authority, of her activities. The Defendant was charged with (i) processing personal data by automatic means with notification to the relevant authority (ii) processing sensitive personal data without authorisation and (iii) transferring the data to a third party [via the internet].The Gota Hovratt (Court of Appeal, Gota) referred the case to the European Court of Justice for clarification of EC Directive 95/46/EC….