Plain English Data Protection Act 2018 – Part 4.2

0
34
views
Anonymous Spy v. Spy
Anonymous Spy v. Spy

Part 4.2 – Intelligence Services Processing

Sometimes I wander into a dark corner of legislation and I come out of it huddling up with my knees against my chest while I rock back and forth. This was one of those times.

Chapter 4 – Controller and Processor

Section 101 – Overview

A table of contents because without it we wouldn’t be able to know where we were or what was going on. It’s like being in a shopping centre with one of those maps with the ‘you are here’ arrow on it. Then running into one of these bad boys every ten feet.

Section 102 – General obligations of the controller

Hmmm, it appears the Information Commissioner has some kind of power over the Security Services? She can make them demonstrate that they are compliant? That first meeting would be fun to sit in on.

Section 103 – Data protection by design

A reiteration of this principle, keeping in mind that GCHQ is the organisation that secretly wiretapped the internet trunk lines that came into the UK effectively tapping the entire world’s communications. I’m just saying that past demonstrations don’t bode well for these guys thinking about people’s security in any meaningful way.

Section 104 – Joint controllers

Intelligence services can tag team your personal info, in all the same ways that any other controller can tag team personal info. I’m going to try and only use the word ‘redundant’ this one time. Every other mention will be through more masterful prose.

Section 105 – Processors

I think this might be déjà vu. Processors can process data on the behalf of controllers.

Section 106 – Processing under the authority of the controller or processor

It’s amazing I’ve never actually read this passage before, oh wait I have…repeatedly.

Section 107 – Security of processing

Keep it secure folks. All this talk of processors for intelligence services has got me wondering how many 3rd party data processors work for/with intelligence services to analyse data? A little google-fu and it turns out that around 100 external it contractors have privileged rights to operational systems within GCHQ.

Section 108 – Communication of a personal data breach

Tell the information commissioner if you lose your data.

Chapter 5 – Transfers of Personal Data Outside the United Kingdom

Section 109 – Transfers of personal data outside the United Kingdom

Surely they would never send our data outside the country, would they? Oh, yeah, the Five Eyes programme to share data with four other countries to support international intelligence gathering.

Chapter 6 – Exemptions

Section 110 – National security

Essentially a blanket, what we are doing is ok statement. I was curious about the term ‘National Security’ though and looked it up. I couldn’t find a very good definition. I did find a few legal blogs arguing for a better definition that didn’t allow for so much uncertainty. But the best definition I could find came from a mention that MI5 have defined national security as the security and well-being of the UK as a whole. That feels broad. That feels like a little kid stretching his arms out as wide as they go saying I love you this much mommy.

Section 111 – National security: certificate

The formal mechanism allowing Martial Law to be conducted. At least it takes someone outside of the Intelligence Services, Ministers of the Crown which narrows it down to 23 people.

Section 112 – Other exemptions

List of excuses for not doing anything laid out in this part.

Section 113 – Power to make further exemptions

If they don’t like the rules they can get the Secretary of State to write new rules. I believe this is less than the number of Ministers of the Crown, we are now looking at 18 individuals.

Thoughts

I’m glad this part is over now. I can remove the tin foil hat and go about my normal business.

Previous articlePlain English Data Protection Act 2018 – Part 4.1
Next articlePlain English Data Protection Act 2018 – Part 5.1
Born into the wilds of mid-western America, Matthew has lived his life creating. The kind of kid that bought a tarp, some PVC pipe and a skate board; fashioned himself a windsurfing set-up and then saw an opportunity in a local tornado. "Sorry Mom." Undergraduate in Art and Design, Doctorate in Scottish History, Matthew came late to the realisation that if he's going to use his diverse skill set he'd have to employ himself.
SHARE