Data protection policy statement

An important message to subscribers

As everyone will be aware, the General Data Protection Regulation comes into operation on 25 May. In terms of how that event affects this blog:

  • We currently hold the e-mail addresses of those who have registered to receive e-mail updates, but not their names.
  • We do not have the e-mail addresses of those who have subscribed via WordPress.
  • We hold no other personal data on subscribers.
  • We assume that, for the purposes of the GDPR, we have a legitimate interest in holding that information and that subscribers recognise that interest.
  • We therefore propose to delete the e-mail addresses of all existing e-mail subscribers on 24 May, which means that those who wish to continue receving e-mail notifications will have to subscribe afresh.
  • We shall take resubscription to signify informed consent to our holding the e-mail addresses of individual subscribers on our system.
  • We only communicate with subscribers by e-mail and not by any other means.

Three people have access to the e-mail addresses on the back end of WordPress: ourselves and our website designer.

Because we are not a commercial operation – we don’t charge for access and we don’t take advertising – we appear to be exempted from the requirement to register with the ICO, but we are actively considering the possibility of registering voluntarily.

At the moment, we occasionally include announcements about new publications and conferences for which there is a charge. We shall not do so in future, in case we inadvertently fall foul of the Privacy and Electronic Communications Regulations.

Frank Cranmer & David Pocklington

 

21 thoughts on “Data protection policy statement

  1. Though ostensibly irritating this legal or regulatory need to “allow” everything means people can effortlessly “bin” unwelcome callers by just doing nothing.
    Not that this wld ever apply to Law & Religion obvs

  2. Will we be able to subscribe via word press at that time, or will it only be email?

    I would hate to lose contact as I am subscribed by both means. Email and Word Press.

    • WordPress subscribers will be unaffected: there’s no reason for us to disconnect them because we don’t hold any data on them: it’s the e-mail addresses on the back end of WordPress that are the problem in data protection terms.

      This might be a sledgehammer to crack a non-existent nut; but we’re operating on the basis that it’s best to err well on the side of caution.

  3. Thank you,sorry for all your trouble. As ever, your response is reasonable, measured and clearly explained. Please tell us how to re-subscribe when the time comes. Nina Gwilliam.

    • It’s dead easy: you just hit the “subscribe” button on the home page. But we’ll issue a reminder – and we’ll be sending an e-mail to all current e-mail subscribers.

  4. I am sorry that you are to discontinue including “announcements about new publications and conferences for which there is a charge.” This can be most useful information, sometimes not otherwise brought to your readers’ attention. I appreciate your concern not, inadvertently, to fall foul of the Privacy and Electronic Communications Regulations, but is there no way for you to continue providing such information without risking a breach of the regulations? If not, it seems to me that we (and you) should lobby for the regulations to be amended as necessary to enable you to continue to provide it: perhaps on the basis that it is a restriction on the freedom of expression, in contravention of Article 10(1) of the European Convention on Human Rights (as scheduled to the Human Rights Act 1998), which cannot be justified on any of the bases set out in Article 10(2).

    • So are we, and perhaps we’re taking an unusually cautious view of the reach of the Regulations. But better safe than sorry, and there are plenty of other vehicles for disseminating that kind of information: publishers’ websites and the sites of the people organising the conferences.

      I must confess that I wasn’t even aware of the Privacy and Electronic Communications Regulations until a couple of months ago – and they look pretty draconian.

      • Neither was I until I read the ICO’s Legitimate Interest paper! Oh, what a tangled web… I totally endorse David Lamming’s point. There may be ‘plenty of other vehicles for disseminating’ but it is VERY helpful when someone like you are in touch with the ‘other vehicles’ and can select those which you feel may relate to those who follow L&RUK.

        Do the PECR really mean that if I see something of interest on a public website that I can’t bring it to the attention of another ‘public?’

        • That’s the problem. The site sends automatic e-mails to subscribers every time we post. So if a post includes notice of something for sale – a book or a conference – is that ‘marketing’ for the purposes of the PECR? It’s not the post itself that’s the issue – it’s the e-mail. And we just do not know the answer.

          • Thanks for clarification of a ‘nice point’. Mmmm… If I commend a book to someone and they buy it then I get no financial benefit. Is that marketing in PECR terms? Rhetorical!

          • Quite. My perception of the problem is that we’re doing ‘electronic communication’ by e-mail and that that seems to be caught by the Regs. I can’t imagine that the ICO is going to come knocking on our (electronic) door – but we can’t know that for sure.

            Our feeling – rightly or wrongly – is that we’re about to enter a much tougher regulatory climate generally; and David and I feel that the advent of the GDPR is likely to up the ante for enforcement of the PECR as well. It’s just not a risk worth taking.

            But maybe it’ll all settle down; and if and when it does, we can reconsider.

          • The BBC aren’t supposed to advertise or sell things but they are always telling us about books to read, films sports events or concerts to go to, the latest technology we can buy, or places to go to on holiday.
            Will they fall foul of the new regulations? Shouldn’t think so.
            Evie

          • And so they do. But they don’t do it by sending everyone e-mails – which is what we perceive to be the problem of operating under the PECR. So far as we see it, either (1) we can avoid anything that looks like advertising or (2) we can stop sending automatic e-mail notifications by removing the facility to subscribe to the blog.

            Our assumption (based on our own experiences as subscribers to other blogs like UKHRB and the Oxford Human Rights Hub) is that people would prefer option (1).

            But it’s a total pain.

  5. Pingback: Parishes and the “GDPR” | Law & Religion UK

  6. I note that L&R is preparing to follow a ‘scorched earth’ data policy – but is it really necessary? Here is what seems to be an eminently sensible position on GDPR sent out by a local Neighbourhood Forum, who like L&R have previously been providing the opt-outs in their emails that ICO particularly emphasise.

    “We are writing to let you know about some changes we are making to our Privacy Policy and the way we keep in touch with you, due to new data protection laws that come into force on May 24th 2018.

    We believe we already have your consent to email you.

    If you are still happy to hear about information in relation to the Forum and other news happening in the neighbourhood then you don’t need to do anything more – we will continue to keep in contact with you.
    We will update you on things we think will interest you, including articles, events, neighbourhood planning, about our current and future projects and activities, as well as details about third party events, campaigns, products specific to our neighbourhood and local vicinity.
    Copyright © 2018 Forum, All rights reserved.
    You are receiving this email as you have previously expressed an interest in staying in touch with the work of the Forum and the development of the Neighbourhood Plan.”

    They are using an email distribution service, based in USA, which contrary to circulated rumours is GDPR-permissable since a relevant agreement was ratified in August 2016: the “EU-US Privacy Shield”

    Is the Forum wrong – if so why? If they are right – why are so many not-for-profits panicking?

    • We don’t know – and that, in a nutshell, is the problem. But all we’re going to do is to ask people to resubcribe to e-mail notification if they wish to do so. I’ve already had umpteen requests of that kind landing in my in-box – as, no doubt, have you.

      (Incidentally, our rule is that we bin anonymous posts – but I’ll make an exception in this case!)

  7. Pingback: Law and religion round-up – 20th May | Law & Religion UK

Leave a Reply to Sym Cancel reply

Your email address will not be published. Required fields are marked *