Customize

Euro-folks: Data Protection Laws and Lulz

Discussion in 'Think Tank' started by Theta Omega, Apr 8, 2008.

  1. Theta Omega Member

    Euro-folks: Data Protection Laws and Lulz

    Hey, so something just occurred to me. I know this is long, but there is the potential for EPIC levels of win (and the complete destruction of CoS plans, to boot.)

    In Europe, there is a thing called the Data Protection Registrar. Every EU country has an implementation of this- in Britain, for example, it's called the Data Protection Act (1984, 1998 ). Basically the way this works is that any organization that stores or collects personally identifying data must register with the Data Protection Registrar. At that point, any person who believes an organization is storing data about them is entitled to a full and unabridged copy of that information, or proof that no data is being stored. The organization is allowed to charge a reasonable fee for extracting this data, but the DPR sets the fee- in Britain, it's about ten quid and the fee is similar in other European countries. You give them some means of identifying you in their databank, and they have to then search for it. They don't have a choice, and they have a limited time in which to give you your copy. This, of course, costs them a lot of money.

    If they decline to comply, the Data Protection Registrar then totally owns them in court, since you have a statutory right to that data. All forms of data are now included since the 1998 and 2000 amendments (it used to just be computer-based info, but now photographs, paper files and video tapes are included, as well as any other form of information that is personally identifying.)

    Mark Thomas, excellent satirist and general thorn in the side of authority, used this to great effect when he encouraged people to send photos of themselves to anyone who had a CCTV system. These organizations then had thirty days or so to search through all their tapes and find any footage of those people who had submitted a request. Even the police and city governments were forced to comply, so I doubt the CoS can escape.

    Obviously this doesn't work too well for people who are still anonymous, but lots of people have been named, and we have lots of ex-scns; have any of you tried submitting a Data Protection Act request? If you live in Europe and the data is used there- regardless of where it may be nominally stored- you are protected by the various Acts.

    I'd love to see them try to get out of this one. Fair Game loses bigstyle to the European Court. We could massively own them, since if they refuse to comply with a properly formatted request, they lose their right to hold data of any form on anyone at all, not just the person whose request was refused. Given that they also have a limited timespan to respond, I can easily see them losing out of sheer ineptitude.

    Better still, you CANNOT sign away your Data Protection Act rights in any form of contract.

    There is the potential for massive win and hilarious lulz, as well as a large measure of insider info to come out here.

    Who's up for it? You know you want to.
  2. Re: Euro-folks: Data Protection Laws and Lulz

    Certainly something that I've thought of a few times and wasn't sure how to pitch it. You got my thoughts down exactly :)

    I'm gonna try and dig through the DP training here at work because I think there's also a clause which says that data can only be retained for the purpose that it was collected - so I'm fairly certain that Scientology would have to provide a purpose. I'm thinking that "To stalk our critic" would not go over well in a class action lawsuit defense.
  3. Re: Euro-folks: Data Protection Laws and Lulz

    You're forgetting two important points: relevance and timeliness.

    The COS would have to prove why they are storing the data about a person (why it is relevant) and then justify why it is still being stored.

    I would love to see their response to this, but also don't want to namefag myself.
  4. Re: Euro-folks: Data Protection Laws and Lulz

    I'm reading through the act at the moment, but I think I have just found an ace in a fight against fair game:

    10 Right to prevent processing likely to cause damage or distress (1) Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons—
    (a) the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
    (b) that damage or distress is or would be unwarranted.
    (2) Subsection (1) does not apply—
    (a) in a case where any of the conditions in paragraphs 1 to 4 of Schedule 2 is met, or
    (b) in such other cases as may be prescribed by the Secretary of State by order.
    (3) The data controller must within twenty-one days of receiving a notice under subsection (1) (“the data subject notice”) give the individual who gave it a written notice—
    (a) stating that he has complied or intends to comply with the data subject notice, or
    (b) stating his reasons for regarding the data subject notice as to any extent unjustified and the extent (if any) to which he has complied or intends to comply with it.
    (4) If a court is satisfied, on the application of any person who has given a notice under subsection (1) which appears to the court to be justified (or to be justified to any extent), that the data controller in question has failed to comply with the notice, the court may order him to take such steps for complying with the notice (or for complying with it to that extent) as the court thinks fit.
    (5) The failure by a data subject to exercise the right conferred by subsection (1) or section 11(1) does not affect any other right conferred on him by this Part.


    Now forgive me if I've misinterpreted - but my understanding of this is that if you have reason to suspect that processing of any personal data for any purpose is likely to cause you distress or damage then you can request the company to stop. And they must. By law.

    Holy shit.
  5. karmanon Member

    Re: Euro-folks: Data Protection Laws and Lulz

    XIINGEpic win for Europe. Data protection act = win.
  6. Anonymeep Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Perhaps some Anon who is better versed in legalese can write a nice little summary of this? If it's true, we need to know how to formally start the procedure - and post it all over the place. Anyone who's been IDed needs to know.
  7. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    There's lots and lots of UK information on the ICO's site, and it's all pretty readable: here

    All you have to do is send their registered office a letter along these lines:

    Your full address
    The date


    Dear Sir or Madam or Thetan lol

    (Your full name and address and any other details to help
    identify you and the information you want.)

    Please supply the information about me I am entitled to under
    the Data Protection Act 1998 relating to (give details of the
    information you want). (Please would you also tell me the logic
    involved in any automated decisions you have made about
    me.)

    If you need any more information from me, or a fee, please let
    me know as soon as possible.

    If you do not normally deal with these requests, please pass
    this letter to your Data Protection Officer or another appropriate
    officer.

    Yours faithfully

    Signature


    Sadly, there's no such thing as a class action in most European countries, particularly Britain.
  8. Re: Euro-folks: Data Protection Laws and Lulz

    This is fantastic, I hadn't realized this included paper now too!
  9. Re: Euro-folks: Data Protection Laws and Lulz

    Pity class action doesn't exist. And as normal - make sure any requests are sent recorded delivery and keep a diary when going through the process.

    As the ex-scio at our local protest said (albeit about minimum wage) "They'll have either found a loophole or flat out ignored it." If they've found a loophole then obviously by the text of the act, it is open to interpretation.
  10. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Apparently they lost a Data Protection case in Denmark, and if they lost in Denmark then they can lose in the rest of Europe too. There's actually a nice article about their registration information here: bit old, but good. This says they lost a Data Protection Act case in 1991, and they were fined, so they now must comply or be heavily censured- they could lose their DPR right to hold any data at all.

    The Data Protection Act is, in a sense, retrospective; it covers all data, regardless of the date on which it was collected. Records were supposed to have been destroyed prior to the date of first registration, which in the case of the CoS was in 1999. Obviously, I don't think they actually did this (it would be completely against their modus operandi) and so we can get hold of all sorts of interesting info.

    Okay so here's their registration in the UK. Information Commissioners - Data Protection Register - Entry Details

    THIS SAYS THEY CANNOT TRANSFER INFORMATION OUTSIDE THE EEA! that means sharing info with Flag etc., is COMPLETELY ILLEGAL.

    Here's them again in the UK: Information Commissioners - Data Protection Register - Entry Details

    This says they can send stuff to the USA, but again, you're entitled to know what they do and who they sent it to.

    If a few dozen unmasked anons or unanimous folks make requests that include requests for CCTV footage- include a passport-sized photograph in your letter, and yes, send the letter by registered post- they will have to comb their security camera footage. Stuff collected by their investigators is also covered. Since they have this huge DPR registration, and since they've lost in the past, they must comply. If they get nailed again, it'll be much worse for them. They have no chance to survive this; their Fair Game tactics are completely illegal.

    Their DPR registration expires next January, and of course they will renew it, but it's possible we can force them to add to the list of data sources they use. There doesn't seem to be a loophole here; they are simply not allowed not to respond to requests for data. Everything is covered. If they have had internal conversations about you- memos, emails, anything- then you are entitled to a copy of those, too.

    Hilariously, they list credit reference agencies as a data supplier.

    I can't reiterate enough. This worked for Mark Thomas against the Government. There's no way on earth (or any of the other planets they think they've been to) that this can fail. The CoS will fail because the government completely hates them. This could be an absolute goldmine of information about their internal workings; this could literally tell us exactly what they're planning to do re Fair Gaming the unmasked UK-anons.

    Data extracted under the Data Protection Act is admissible in evidence, and is grounds for injunction against the Data Controller's agents, which basically means: they have to tell you what they know, they have to tell you what they're planning, and then you can go to your solicitor and have them legally prevented from executing their dirty tricks. Then if they actually do any of them, you win. Epic. They are not allowed to use data for purposes of "causing harm or distress". That means they lose.
  11. Re: Euro-folks: Data Protection Laws and Lulz

    I'm sickying this as it has great importance to UK activists, and many Europeans too. Also as it's law and they have to comply without debate.
  12. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    I've had a think about this, and I think this is how it should work.

    OPERATION DATA PROTECTED

    Do you have knowledge of the Data Protection laws in other countries than the UK? I don't. We need people who do to come up with the info for any countries where we have people.

    People? What kind of people?

    We are looking for people who:

    • Are ex-scio, and spent some or all of their time in the UK or other European countries, or
    • Are anon, but got unmasked, or
    • Are being fair gamed, or
    • Just don't give a shit

    Do you fit any of these categories? Then great! We need to find as many people like that as possible, so that we can file HUNDREDS of Data Protection requests. The thing is, even if they don't have data on you, it costs them a whole bunch of time and money searching. The downside is that you have to identify yourself to them, so you really need to fit into one of the four categories above.

    What do you need to do to participate in Operation Data Protected?

    It's really simple. You take the form letter from the post above, fill in the blanks, you add a passport-sized photograph of yourself, and you send it to both of the addresses listed on the Data Protection Register (links above). If you're not in the UK, you can help by digging up the equivalent info.

    What happens next?

    Epic, epic lulz. They have 21 days to respond, and that response can take the form of:

    1. They run around and go absolutely apeshit trying to dig up any info on you they might have, frantically deleting as much as possible.
    2. They send you a letter saying that they have info, but there is a copying fee. (In fact, the copying fee is limited by law, and the maximum is £10. That includes copying video evidence if they have you on CCTV.) You should respond by sending them a postal order. (I'm guessing you don't want them getting hold of your bank account details, dig?) It'll be a small price to pay for the immense lulz that will result.
    3. They will send you a packet containing all of the info they have on you- emails sent between scitols, memos, their fair game files, CCTV tapes, investigator reports, photos taken by private dicks, anything that has your name in it. They have to do this by law.

    If they take longer than 21 days, or try to claim they have no data on you when in fact you know they do (they're fair-gaming you, or have sent you a letter, or whatever), you get to complain to the Data Protection Registrar, which is a division of the Information Commissioner's Office in the UK. This is a serious crime, and carries very stiff penalties. They lost once in 1991 and if they do it again, they will probably be made an example of by the ICO, which is desperately trying to look good despite all the data loss fiascos of the last few months. The government in the UK freaking HATES the CoS and they will act.

    How we proceed from that point depends on what's in the packets we get back. Whatever we do, it'll be totally awesome. We'll know their innermost secret discussions. We'll know what they plan to do. We'll know who's involved in fair gaming. We'll know more than they do, since we will then demand that all the information they return be destroyed (since the Act states clearly that keeping data for purposes of harming or frightening people is entirely forbidden). This has the potential to completely destroy the way they deal with Anon in Europe.

    Then we will have caek.

    If anyone has better suggestions I'd love to hear them :)
  13. goose1 Member

    Re: Euro-folks: Data Protection Laws and Lulz

    A ligit business might get their Data Protection Officer to scan thru videotape for the face matching your passport photo; Scilons will surely just say 'couldnt find anything'. What's to stop them?

    I guess the Data Protection Act works best if you have hard evidence that they recently used the info that they have on you - eg. by sending a letter or leaving an answerphone message.

    Evidence of them collecting info (video cameras at protest, private dic snapping licence plates) - is there anything that can be done with that? I mean if Scilon says 'it's deleted now' is that them off the hook?
  14. Re: Euro-folks: Data Protection Laws and Lulz

    Also note that data can only be retained for the purpose that it was collected. Even if you aren't being fair gamed and you write a letter in requested a DSAR (Data Subject Access Request), they CANNOT use the information in the letter to fair game you. If you do get fair gamed after writing in, then I'm sure the Data Protection Registrar would love to know that they have mis-used data...
  15. musketeerwang Member

    Re: Euro-folks: Data Protection Laws and Lulz

    So this is looking at the least like an affordable recourse for UK/EU anons that get Fair Gamed. Sweet.
  16. Re: Euro-folks: Data Protection Laws and Lulz

    Note that I haven't been fair gamed, but I'm willing to put my pen where my mouth is on this one. Initial draft:

    Dear Sir,
    I am writing to you to make a Data Subject Access Request (DSAR) as provisioned in the Data Protection Act. I hereby request a copy of all documents and personal information relating to myself, including memo's, contact cards, private investigator contracts for myself, CCTV and photographic images. Please find enclosed a postal order for the value of £10 – the maximum amount that you are allowed to charge an individual for providing this information under law.

    I would like to remind you that you have 21 days to provide all the information that the Church of Scientology holds on myself and not to do so will be a second breach of the Data Protection Act committed by the Church.

    I have reason to believe that the Church Of Scientology is holding personal information on me, on the basis that I was photographed by a Scientologist speaking to a police officer while expressing free speech at a peaceful protest. This was outside the York mission of Scientology on March 15th 2008 and will be verified by other peaceful protesters as well as the officer I was speaking to. If needs be, they will be called on as witnesses in a court case if you fail to produce the information on myself. I have enclosed a passport photograph of myself to help you identify which photo is of me.

    I am also taking this opportunity to make a formal request for the Church Of Scientology and all of its associates to cease all processing of information about myself. Scientology has in the past conducted a policy called Fair Game where it endlessly and illegally harasses critics for simply expressing their right to free speech.

    While the organisation has indeed retracted the term Fair Game, it is completely obvious that the policy is still in effect – most likely under a different name – due to hundreds of hours of footage and thousands of victims accounts of themselves being "fair gamed". Because this policy will obviously cause me distress by being stalked and having my privacy invaded, I am ordering the Church to cease any and all processing of information relating to myself as is my right under the Data Protection Act. Failure to comply with this will result in a complaint to the Information Commissioners Office as well as legal action being taken by myself to claim compensation, again as provided under the Data Protection Act.

    Again, I would like to remind the Church Of Scientology that using information for any other purpose than what it was intended is a breach of the Data Protection Act. If, for example, the Church Of Scientology decided to use the information provided in this letter to "fair game" myself then they would be in gross violation of the Data Protection Act and I would be entitled to a large sum of compensation.

    The information provided in this letter is to be used only for providing myself with copies of any and all private information held on the Church Of Scientologys records.

    If you are unable to find any information on myself on your systems, then I respectfully request that the £10 be donated to the organisation "Cult Information Centre" (Registered charity no.1012914). This organisation is set up as a charity designed to help the victims of cults and their families. They provide avenues for people to escape from oppressive organisations that quite often operate under the guise of a religion.

    I look forward to your reply within 21 days.



    Thoughts?
  17. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Well, given that DPA returned material is admissible as evidence in court, they are actually committing perjury if they lie. The ICO and DPR will investigate on your behalf if you complain to them; enough complaints and they will audit (lol). Which is massively bad for the Scitols, of course.

    This was really all you needed to say- the Fair Game stuff is unnecessary and antagonistic, I think. Remember that large organizations often get DPA requests and they normally comply without discussion. Then again, if you enjoy being unnecessary and antagonistic (who doesn't) then go right ahead, it'll be fun to see what they do :)

    Yay! This is gonna cost them a packet.
  18. Re: Euro-folks: Data Protection Laws and Lulz

    According to DPA to cease processing information you need to provide a solid reason that you believe the data will cause you harm, otherwise the company can ignore the request. We're not dealing with an organisation interested in good customer service - they will use each and every advantage and loophole they can. I believe we have an Ace, Jack Queen and King here. If we don't cover the loopholes then we're missing the queen. All we need is a 10 (lawyers) and we have a full house. Without the queen it falls apart. That paragraph needs to stay - if anything I think I need to expand that paragraph more.

    Edit: thinking about it, I also want to change the last paragraph to state exactly what I want.

    "I look forward to your reply with all the personal information on myself as well as written confirmation that you have stopped all processing of information, or the reason that you have not, within 21 days."

    I want to be able to hold this up in court if neccesary and they need to reply with confirmation or a reason. I believe if I can hold up a letter showing that they have ceased all processing if they do try to fair game me, then they will become fair game for the information commissioner.
  19. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    You have a good point, well made.

    Shall we turn this into a form letter that people can fire off at zero effort? :)

    Excellent, and yes- that is exactly the strategy we can take. The ICO will do our dirty work for us. They are looking for a win at the moment, and this is an easy one for them. Fair Game information gathering is completely illegal under the Data Protection Act.

    I do think that you should remove the part about the charity donation, though- if they're going to refuse to comply, you should force them to return the PO :)
  20. anontourist Member

    Re: Euro-folks: Data Protection Laws and Lulz

    What we ought to do is get a lawyerfag to draft a copy of the letter and have some of us hand in the letter, at the protests, for mega lulz.
  21. Re: Euro-folks: Data Protection Laws and Lulz

    I've been looking for local law firms who do drop-in advice sessions and have a couple of leads that I'll check out tomorrow and see if I can run the drafts of this letter past them.

    For the same reason that Scientology will try to use every loophole available, I do want to use the paragraph "
    The information provided in this letter is to be used only for providing myself with copies of any and all private information held on the Church Of Scientologys records."

    I want to make sure that they can't use an argument like "well he said the information we already have - we recieved this information after the info we already have." I don't think they have anything other than a few photos of me without a mask on (although they've probably linked this username to the photo now) and the info on this letter would be a goldmine.

    Either they comply 100% with the letter and the law and I'm safe from fair game, or they ignore it, fair game me and I have the information commisioner pay for my lawyers.

    I've also expanded a little bit on the reasons why I'm telling them to stop all processing - this seems to be the only part of the law which is possibly open to interpretation and discussion so I want this to be a slam dunk.

    This is the draft at the moment (few gramatical errors I've noticed as well):

  22. musketeerwang Member

    Re: Euro-folks: Data Protection Laws and Lulz

    If it's anything like Freedom of Information (and I admit that I'm not sure it is) you need to be careful of organised copypasts bombardment - the authorities frown on it and in the case of FOIA, your query can and will be refused. This may be different given that it's about your own personal info, but still. It might be an idea to word individual requests.
  23. Re: Euro-folks: Data Protection Laws and Lulz

    Cite Bonnie Woods. Legal precedent that resulted in Scientology paying out to her and having to publicly apologise. Case closed.
  24. dub Member

    A word of caution.

    If you are looking for CCTV information that might be stored about you, remember that the CO$ can turn this about on you if you have made any recordings of them.

    for Irelandanons, here are the CCTV rules of the Data Protection Act 1988 and 2003
    Data Protection & CCTV - Data Protection Commissioner - Ireland

    Maximum price they may charge for supplying the information €6.35
    and they can only retain the information for 40 days.

    and for all you Euroanon out there:

    European Union Data Protection Authorities
    Austria http://www.dsk.gv.at/
    Belgium http://www.privacy.fgov.be/
    Bulgaria http://www.cpdp.bg
    Cyprus http://www.dataprotection.gov.cy/
    Czech Republic http://www.uoou.cz/
    Denmark http://www.datatilsynet.dk/
    Estonia mailto:urmas.kukk@dp.gov.ee
    Finland http://www.tietosuoja.fi/
    France http://www.cnil.fr/
    Germany http://www.bfd.bund.de/
    Greece http://www.dpa.gr/
    Hungary http://abiweb.obh.hu/
    Ireland http://www.dataprotection.ie/
    Italy http://www.garanteprivacy.it/
    Latvia http://www.dvi.gov.lv/
    Lithuania http://www.ada.lt/
    Luxembourg http://www.cnpd.lu/
    Malta http://www.dataprotection.gov.mt/
    Netherlands http://www.cbpweb.nl/
    Poland http://www.giodo.gov.pl/
    Portugal http://www.cnpd.pt/
    Romania http://www.dataprotection.ro
    Slovakia http://www.dataprotection.gov.sk/
    Slovenia mailto:jernej.rovsek@varuhrs.si
    Spain http://www.agpd.es/
    Sweden http://www.datainspektionen.se/
    United Kingdom http://www.dataprotection.gov.uk/
  25. Kaso Member

    Re: Euro-folks: Data Protection Laws and Lulz

    The more and more i read about this the more i love it, and the more im realising why we arent really seeing any US style fair gaming over here.

    Combined with the Bonnie Woods case, pretty much everything theyve done in US; Posting info on internet, Giving Info to PIs, would leave them in deep shit legally here. And i think a few well placed requests from people who have been photographed could lead them to stop photographing whatsoever.

    Worries about them using your additional info, name/address are protected against due to "Personal information may be kept for no longer than is necessary." so they can only keep your name info while they're dealing with your request, and "Require that data is not used in a way which causes damage or distress." so if they do attempt to do anything with your data they are in violation and in deep shit.

    I'd be really interest for more infomation about how they have prove you have no infomation about you, all the stuff in government material assumes they either comply or do not comply, nothing about lying.

    Also, I freaking love UK laws.
  26. Re: Euro-folks: Data Protection Laws and Lulz

    Bonnie Woods is fantastic! Thank you! I believe I've found the law firm which handled her case (free of charge according to The Guardian!) and I'm gonna give them a bell later to see if they'd be interested in covering us should we be fair gamed.

    I don't think that it was a conviction regarding DPA though - seemed to be more general damages according to the reports I've read. I don't want to go down the road of "If you fair game us we'll sue for damages" - I want to stay along the lines of "If you break the data protection act, we'll sue for damages". I reckon those pesky cultists might take the first one as a challenge...

    Either way, another paragraph:
    "Also note that on June 8th 1991, Scientology was ordered to pay damages of £55,000 as well as £100,000 in costs to Bonnie Woods. This was due to publishing false and demeaning information about her to the general public for simply speaking out against the Church - an obvious example of the Fair Game policy still being in effect."

    I don't see how they can turn this on us dub - we're not a public entity registered with the information commissioner. As long as we're stood on public property or we have the property owners permission, we have the right to take photos of whatever we damn well please as long as they're for personal use.

    As for turning this into a prefab letter, I don't want to fall foul of us spitefully filing requests. I work for a bank and I know we were inundated with pre-formatted DPA requests regarding bank charges (some people didn't even bother to change the names on the letters) and we didn't ignore them. Considering the scale of the bank charges campaign, I'm surprised that the "higher-ups" didn't decide to ignore the obviously pre-formatted letters if it were illegal. Having said that, I'd rather put together a guide with some set phrases (such as the last two paragraphs of my current draft) as well as examples and sources for anons to put together themselves. Again, I don't think it's illegal to use pre-formatted letters but we've learnt not to give them an inch.
  27. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Well, you can do that, but unless it's sent by registered post to the registered Data Controller's address listed on the DPR, it has no legal force.
  28. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Actually, the ICO's Data Protection Act website gives a suggested form letter to copypasta. I don't think they care. Data Subject Access Requests are supposed to be entirely automatic (ie., they have no right to refuse) for an organization to respond to.
    Actually, no they can't. Individuals are allowed to store information for personal purposes. There is no right to retrieval unless the information is stored for one of the purposes listed in the Act.

    Also, I love you dub, that list of Data Protection Agency sites is exactly what we needed. THIS IS GOING TO WORK.

    The CoS got owned by the Hungarian Data Protection Registrar, too. See page 51 of this PDF.
  29. ptsAnnon Member

    Re: Euro-folks: Data Protection Laws and Lulz

    A tiny thing, but would it be worth changing:

    to:
    Or not? either way good work to date!
  30. indeedindeed Member

    Re: Euro-folks: Data Protection Laws and Lulz

    great idea, one remark:

    im not sure if they were placed already and in case they were, whether it was against the entity "Church of Scientology" or against an individual member.
  31. Re: Euro-folks: Data Protection Laws and Lulz

    I've been speaking to the Data Commisioners office. Ladies and gentlemen, we have our ace in the sleeve. We have 100% protection from Fair Game in the UK. I'm writing up a full report but probably wont be able to post it until after entub comes back online.

    We're not far wrong with the current draft - there's just a couple of clarifications and amendments to do but what we're saying and hoping is 100% correct. UK Anons are safe - the data commissioners office has our backs.
  32. Re: Euro-folks: Data Protection Laws and Lulz

    The Data Protection Registrar is pretty much the dog with bees in its mouth so when it barks it shoots bees at them, I gather.
  33. RaptorJesus Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Someone needs to legally change their name to Xenu and then put in data protection act request - for great justice.
  34. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    That's awesome news! Thanks for doing my dirty work for me.

    As I said earlier, the Information Commissioner's Office has had a lot of bad press lately in the UK what with the huge leaks of government information about people's private business and stuff. They are looking for good publicity and easy wins, and protecting all of us- though no doubt they'll paint us as a bunch of kids- from an evil cult is an extremely easy win for them.
  35. Re: Euro-folks: Data Protection Laws and Lulz

    Ok people, report time!

    What's the idea?
    We intend to use the data protection act to do one of two things - either to provide 100% complete and utter protection from fair gaming in the UK (and most likely in all EU countries), or we will catch them with their pants down their ankles, arseholes lubed up with spread cheeks as they break the data protection act and incur a full investigation into all procedures and practices by the Information Commissioner.

    What's the drawback?
    To do this you WILL be made known to them. If you're being fair gamed already then it's not going to make any difference. If you're not being fair gamed then you're handing all the details they need to fair game you on a silver platter with a "please rape me" sign on. However. If they do rape you, there will be a full investigation including incredibly hefty fines as well as the complete and utter loss of the right to hold personal data by the cult. Oh, and you'll be entitled to a very very nice sum of compensation which will be a slam dunk court case.

    So what's the theory?
    The Data Protection act provides you with a certain amount of rights with regards to personal information held about you anywhere in the UK as well as placing harsh restrictions on companies on how they hold and use that information.

    You can read the full act here:
    Data Protection Act 1998 (c. 29)

    You can read the information commissioners explanation of the act as well as their summary of your rights here:
    The Data Protection Act - Information Commissioner's Office - ICO

    What this means is that the private data that Scientology uses to track and harrass critics must be correct and must be processed in line with your basic rights. They CANNOT give out your personal information without your consent and they can only use the information ever given to them for the purpose that it was given to them. If you gave them any personal information say, to request something that you're entitled to under, it would be very very illegal for them to use that information to fair game you.

    So, the particular parts that we're looking at.

    1. You have the right to request a copy of all the information held on yourself by a company. This includes all personal information, any internal documents or memos about yourself, CCTV and photos etc. To do this is called a Data Subject Request. Companies are allowed to charge up to £10 to provide you with this information and must do so within 40 days of recieving a request.
    Source: How to access information - Information Commissioner's Office (ICO)

    2. You have the right to request them to stop processing your information if you have good reason to believe it will cause you unnecesary distress. This is fair game. You have the right to tell them to stop fair game, and if they do not then the information commisioner will wade in, lawyers first. This does not cost anything and simply takes the form of a letter. They have 21 days to confirm that they have stopped processing your information or provide the reason that they have not. If the reason is not good enough or you believe it is false, then you can send the information commisioner in.
    Source: Preventing processing of information - Information Commissioner's Office (ICO)

    I spoke to the information commissioners office on the phone (08456 30 60 60) and confirmed the following:
    - The Church Of Scientology would not be allowed to post your personal information including, but not limited to, age, date of birth, photos, address, phone number, sexual preferences, past convictions, current convictions, ailments and accusations to the general public or to other companies without your consent.
    - Regardless of the other illegalities of fair gaming and harrasing you and your friends, fair game is more than enough justification to tell them to stop processing your information and the Church Of Scientology must comply by law. The lass that I spoke to confirmed that she could think of no reason, unless we had signed a contract or agreement with them, that they could overule the argument of fair game.
    - The cult MUST provide all documentation on yourself including personal information but also internal memos and documents and if those documents implicate them as breaking the law, you can use that as evidence against them.
    - If you believe that they are withholding information about yourself, you can lodge a complaint with the information commissioners and they will barge in and find out for you.
    - If they break the law again (they have been in breach before) then they will lose all rights to hold personal data in the UK and will receive HUGE fines.

    Part 2 coming up
  36. Re: Euro-folks: Data Protection Laws and Lulz

    Part 2

    So is this just in the UK?
    No. There are data protection laws in all EU countries which follow similar principles.

    Dub provided us with this list:
    So how do we do this?
    Right I haven't done this yet. I majorly overspent earlier this month and am living on a strict £30/week budget until the 23rd. Unfortunately I can't afford the postal orders this week. I will be doing this as soon as I get paid.

    Ok, you need to send two letters as Scientology is registered twice in the UK. Here are the addresses (thanks Theta-Omega):
    Information Commissioners - Data Protection Register - Entry Details and Information Commissioners - Data Protection Register - Entry Details

    - Make sure you use recorded delivery. Post the letters from a post office and use recorded delivery. This means that you can track the letter and have 100% proof that they have accepted it and have the letter. This is all the proof that the information commissioner requires that you have made a subject access request (source: the lass on the phone in the commssioners office).
    - I'd recommend sending 3 copies of the letter to yourself, but they don't have to be recorded delivery. Now the copies of the letter are there if Scientology tries to pin bomb threats/anthrax letters on you. If it comes down to it, you will have 3 copies of the letter that will be postmarked by the post office. When you recieve these back, DO NOT OPEN THEM. Keep them and keep them safe. They are not 100% reliable in court but coupled with Scientologys history and citing Operation Freakout, I don't see any court case siding against you.
    - If possible, only seal the envelope in the post office and get witnesses. Preferably police, obviously not always possible, and show the contents of the letter to the clerk before sealing it.
    - Include a £10 postal order with each letter. Do not send a cheque for obvious reasons. £10 is the maximum that a company can charge for a subject access request and we know they will charge the maximum if they acknowledge your request.

    Here are the points that you need to cover in your letters:
    - You are making a subject access request for any and all personal information on yourself. They have 40 days to provide the information and you have included the £10 postal order to pay for this. They have your name and address at the top of the letter but I would recommend that you provide a little more information just to make sure they cant throw back "Well we just couldnt find them!". I gave a brief summary of my activities in the York protests and am including a passport photograph.
    - You are telling them to stop processing information on the grounds of fair game. You must provide adequette explanation of fair game and why this might effect you. Cite the case of Bonnie Woods:
    Scientologists pay for libel | UK news | The Guardian
    They have 21 days to confirm they have stopped or give the reason why they have not.
    - The information you give in the letter is to be used only to track down other data held by scientology and must not be stored for any longer than it takes them to make copies of your personal information.

    Here is the letter that I'm sending. You can copy/paste this letter if you wish but obviously change the paragraphs relating to me:
    What happens then
    By Law, Scientology responds saying they have ceased all information processing by yourself. They also provide you with a copy of all internal documents on yourself which would include any memos or notes as to what they intend to do with the information. You are 100% safe from Fair Game and they drop their attacks if they are already fair gaming your or they stop any planned attacks. You may also have evidence that they were planning illegal activities with the information.

    We all know that Scientology bends, if not breaks the law constantly. So here are the other outcomes:
    - Scientology ignores your request for copies of personal information or takes longer than 40 days to respond.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology sends you copies of some information but you suspect it isn't everything, e.g. there's no memos saying what they're going to do with that information or they have taunted you with that information.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology ignores your request to cease all processing or takes longer than 21 days to respond.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology doesn't give you a good enough reason why they aren't stopping their processing.
    Action: Phone the information commissioner and complain.
    Outcome: The Information Commissioner speaks to Scientology and sets the record straight. If Scientology does not comply then they get fined and lose the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology says they have stopped processing information then later they give you reason to believe they have not.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.


    I'm scrounging my change together to get my letters sent off as soon as possible. Up-to-the minute updates will be posted once I've got them sent.
  37. exanon Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Someone needs to pass this shit to dani_anon who's battling CoS in Court!
  38. stuwyatt Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Hay guise :)

    I just wanted to say that Im gonna do the whole DPA thing. I will say that I am pretty much skint, but I will try to raise the tenner to send to them (all my money goes on cannabis & cult activism and my cat)...

    I wanted to wait until they had enough info about me, and I wanted a positive confirmation that I was finally SP declared. This happened yesterday at the protest, when not a single Scientologist would look at me, talk to me or even acknowledge my existence...

    Proof is in the video: YouTube - Cult of Scientology protest - 12th April - Plymouth, UK

    (I used to drink with Ralph Angel during my muso days - we have a history)....

    Im gonna print out all the paperwork and fill it in over the next day or two... and then send it recorded delivery to the cult. I will document this on video at every step of the way.

    Lets enturbulate the fuckers ;)
  39. anonymous1312 Member

    Re: Euro-folks: Data Protection Laws and Lulz

    Regarding the video, as soon as Ryan hears OT 3 he stops recording / photographing and crosses his arms, a classic defensive posture. This and when he walked off with his fingers in his ears shows me that scientologists are brainwashed because normal people would NEVER react like that; I honestly wasn't convinced about the whole brainwashing thing but I think this proves it works. Ryan was actually concerned for his health at the prospect of hearing OT3, even though logically we MUST have read it 1st (without ill health) yet he still covered his ears and left the room. Powerful stuff, scientology really does screw people's minds.

    We think Ryan had an "awkward" childhood, he says that no one has treated him better than scientology, (See midnight call video by Plymouthscientology), clearly a vulnerable individual.
  40. Theta Omega Member

    Re: Euro-folks: Data Protection Laws and Lulz

    I tried to but he doesn't think it'll work :sad:

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins