In message <199508041840.OAA01729@clark.net>, Ray Cromwell writes:
Just more evidence for why even "well meaning" policywonks are dangerous. Take for instance the rule that "data must be kept up to date and accurate" How up to date and what is accuracy? So if I have a commercial web page which records transactions on my server, and I stop logging and keep year old records, do some statistic processing on them, I am in violation for having stale data.
If I remember the Irish data protection laws accurately, the idea is to keep innaccurate data on individials (and, possibly, companies). I doubt if data which cannot be used to identify individuals would qualify. (There is a small exemption for clubs, I can't remember the details exactly.) Assuming the same model is being proposed where you are, I doubt if it would mean you could be prosecuted for holding old transaction records, just ones that either (i) are out of date because someone may be listed as not having paid when they have or (ii) record transactions that didn't take place.
And what the hell is "accurate" data? All information about other people is subjective. I should be entitled to record any statistics about you for my use that I want. Just by interacting with me you transmit information. If I interact with you and get the "wrong impression" about what type of person you are, am I in violation for storing inaccurate data? (e.g. if I write in my computerized diary "I think John Smith is a jerk.")
I think you miss an important point; your opinion is subjective, but data can relate to objective facts (e.g. credit records). Would you take the same stance if a credit bureau claimed that you couldn't pay back half the loans you took out? What worries me about the *lack* of some form of data protection legislation is that is allows someone to build up a database of information which is a mishmash of truth, misunderstandings and lies. How would you feel if "Concerned Citizens against Cryptography" compiled a list of all members of this list, branding them as `dangerous, possibily criminal subversives'? What if that opinion was spread to other databases? How about the police investigating you because of this kind of database?
How will this law affect reputation servers? If my reputation server has what you consider a bad review of you, am I in violation?
Personally, I wouldn't take a reputation server seriously; after all if you labelled me a jerk, I could do the same to me on my own server! :-) Seriously, I don't think something as frivilous as a reputation server should be illegal, but anything that records information about individuals that could result in harm to said individuals (e.g. by falsely branding them a bad credit risk, falsely claiming them to have a criminal record, etc.)
Privacy should be implemented via cryptography, not obscure politcal machines which are doomed to fail and produce a black market for personal data anyway.
I'm sorry, but I don't think this marked metaphor holds here. Derek Bell