Twitter

video: behind the scenes at a leading moderation provider

By on Jun 25, 2008 in conferences/events, Data Protection Act, internet libel, journalism, law, online community, social software | 1 comment

This morning I had the pleasure of interviewing Dominic Sparkes*, Managing Director of Tempero, one of the leading online content and community moderation providers. Other UK based moderation providers include ChatModerators and eModeration Ltd. In the video, Dom provides insight into a rarely seen side of community moderation – what sorts of issues potential clients are worried about when they approach Tempero, the training provided to moderators, and things that site owners can do to make the lives of moderators easier: *Disclaimer: Dom and Jasmine Malik, the co-founders of Tempero, were colleagues of mine at Granada (now ITV). I consider them, as well as several of their employees, to be friends. I’ve also had a professional relationship with Tempero as well as ChatModerators and am friends with several people at eModeration Ltd. It’s a small...

video on privacy and social networking

By on Nov 26, 2007 in Data Protection Act, online community, social software |

A couple of weeks ago, I wrote a post explaining my decision to take a lot of personal information off my facebook profile following a number of informal chats I’d had with various people about privacy, identity theft and the mining of my data for commercial gain. One of the responses to that post came from Colin McKay, Director of Communications at the Office of the Privacy Commissioner, Canada. He said: "We’re in a period of real transition, where the youngest generation is blissfully comfortable exchanging information for services without really evaluating the real value – or cost – of the transaction." To illustrate the point, the Canadian Privacy Commissioner’s office has created the following video which they’ve made available on YouTube: There’s one line in the video that I find particularly chilling: "every time you add information about yourself, it’s like filling in a survey… all without your knowledge, consent, or having ever been...

using the data protection act to reclaim charges (2)

By on Feb 20, 2007 in activism, Data Protection Act, law | 1 comment

On the 5th I posted about my quest to use the data protection act, and some knowledge gleened from the internet, to claw back some of the bank charges I’ve paid over the years. I wrote “Data Subject Access Request” letters to my bank and two credit card companies, asking them to provide me with details of all penalty charges I’ve paid out over the last six years (the limit on claiming). Two points to my bank who wrote back to me by the end of the week to confirm that they would supply the requested information without charge, returning my cheque for £10, the maximum amount they can charge for processing requests under the Data Protection Act. And on Friday I received three large envelopes from my bank with details of every transaction – approximately 200 pages worth – I’d made using my account with them. The charges total £680 and many of them were of the triple whammy variety where you go over your overdraft and then get charged £25 for each of the next three transactions for a total of £75 – often incurred in a matter of hours. This evening I will be writing back to my bank detailing these charges and explaining that I don’t feel the penalties were valid, using my own spruced up version of the template letter found here. I’m still waiting to hear from the other two banks / credit card providers. I’ll continue to update the process of claiming these unfair bank charges back here, so do bookmark this page if you’re interested in following my...

Using the Data Protection Act

By on Feb 5, 2007 in activism, Data Protection Act, law | 3 comments

Most journalists have heard about the Freedom of Information Act, a useful tool in gaining access to information held by government agencies. The Press Gazettes FOI campaign and the BBC’s Open Secrets Blog are as good places as any to start learning about how journalists and media organisations are using this tool. But many journalists don’t realise that they have another powerful tool at their disposal – the Data Protection Act 1998. I first discovered the usefulness of the Data Protection Act a few years ago when I used it to claim back thousands of pounds from an academic institution that, whilst very good at chasing me for tuition fees, hadn’t provided the amount or level of tution I would have hoped to have received. I argued the case that I’d been mistreated (well, more like not treated at all!) to no avail so I decided to use the UK’s Data Protection Act to force the institution to reveal what, if any, records they held on me. The records revealed a catologue of issues and helped me make a much stronger, and ultimately successful, case for a full refund of tuition fees paid. Towards the end of last year, I tried to use the Data Protection Act again, this time to get some records from Google after I was kicked out of their AdSense programme without explanation. Two letters later and I’ve still not heard back from them although some readers of this blog who have taken the same steps as I did had almost immediate results. Eventually get around to chasing that up again but, as no money is at stake, it’s kind of fallen on the backburner for now. This weekend, I decided to take a few minutes to go on another Data Protection Act adventure, this time in an attempt to reclaim bank and credit card charges. Anyone who has ever accidently gone over their overdraft limit, forgot to post a cheque to a credit card company in time, or had a cheque returned uncashed will know that banks charge as much as £75 each time this happens. Now I usually try to be good about keeping payments and such up to date but, over the past years, am sure I’ve paid a few hundred pounds in such fees. So, inspired by letters in the pages of the Guardian’s excellent Saturday Money supplement and the website of “Money Saving Expert” Martin Lewis, this weekend I sent Data Protection Subject Access requests to my bank and two credit card providers. I’ve asked for a full list of charges made against me, instead of statements per se (which aren’t covered by the DPA), and enclosed a £10 cheque with each to cover the statutory maximum that the bank can charge to supply the information requested. Once I get the information I’ve requested, I’ll then write to each of the banks, explaining that the charges were disproprotionate to the cost actually incurred in sending them and, as such, they are penalty fees that would not hold up under UK contract law. I’ll let you know how I get...

would you post images of your retina online?

By on Jan 26, 2007 in Data Protection Act | 1 comment

Wednesday 2:19 pm 1/24/07 London, England Originally uploaded by robinhamman. One of the things I finally got around to whilst I was on my recent extended holiday was getting a new pair of glasses. I went for a pair of quite geeky (but that’s cool these days, honest!) black plastic ones. At the exam, my opthamologist used something called an Panoramic200 Scanning Laser Ophthalmoscope to generate a high resolution digital scan of my retinas. Today, about a month later, I’ve finally received an email with those images attached and they’re really beautiful. Not just because they contain a view of my own eyes that I’ve never been able to see before or, indeed, because my eyes are in any way particularly lovely or different from the next person’s. But from a “isn’t biology wonderful” and “hey, check this out” perspective, I’d love the post the photos here and/or on flickr. The question is, should I? According to BiometricNewsPortal, retina scans have an error rate of one in 10 million in comparison to fingerprinting which can result in an error rate as bad as 1 in 500. The site also says that: “retina biometrics systems are suited for environments requiring maximum security, such as Government, military and banking. Retina biometric systems have been in use for military applications since the early seventies…” I don’t want to get into the debate about whether governments should issue state, or in the case of the EU, supra-state ID cards or biometric passports, etc. But I’m thinking that, as cool as those retinal images might be, it could very well be a bad idea to post them online. In fact, I should probably be emailing the optician to request that they delete the...

google fails (so far) to comply to my data subject access request

By on Oct 24, 2006 in activism, blogging, citizen journalism, Data Protection Act, law | 7 comments

Regular readers of cybersoc.com will recall that back in August I got kicked out of Google Adsense. I appealed to Google, asking for them to spefically disclose what, if any, evidence they had that I had broken their terms and conditions or had engaged in “click fraud”. The email response I received following my appeal appeared to be automatically generated which got me thinking, perhaps the whole process of being banned had been an automated process based upon some data they’d gathered about me or my audience. “Hey, that’s kinda scary” I thought, “what data does google collect each time I search, each time I visit a page displaying a google ad, each time someone visits my pages displaying google ads? How are they using this data??”. By this stage in my thought process, having proof that I’d been unfairly kicked out of adsense actually became secondary – I really just wanted to know what information Google had about me and why… So I sent Google’s UK office a Subject Access Request which, under the provisions of the Data Protection Act 1998, a UK law that requires anyone gathering or storing data to disclose what information they hold and how that information is, has been, or will be used. Google can, if they wish, charge me a nominal fee (£10 I think is the upper limit) for photocopying, printing and posting of the data to me – and they have 40 days to reply. It’s now been 37 working days, 54 days in total, since I wrote to Google. I am now drafting them a letter explaining that, by not complying with my previous request, they may be in breach of the provisions of the Data Protection Act. My letter will give them a strict deadline of ten days for a response and, should they not respond, I will complain to the Information Commissioner. More when there’s...