PUBLIC INTEREST WARNING: MR JASON BENNISON IS NOW OFFICIALLY BANKRUPT.

Section 10 of the DPA 1998

Here we have a piece of legislation that’s very often misunderstood. This is what the legislation says:

10 Right to prevent processing likely to cause damage or distress.

 

(1) Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons—

 

(a) the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and

 

(b) that damage or distress is or would be unwarranted.

Data Protection Act 1998

This is what the ICO says:

In brief – what does the Data Protection Act say about objecting to processing?

The Act refers to the “right to prevent processing”. Although this may give the impression that an individual can simply demand that an organisation stops processing personal data about them, or stops processing it in a particular way, the right is often overstated. In practice, it is much more limited. An individual has a right to object to processing only if it causes unwarranted and substantial damage or distress. If it does, they have the right to require an organisation to stop (or not to begin) the processing in question.

 

So, in certain limited circumstances, you must comply with such a requirement. In other circumstances, you must only explain to the individual why you do not have to do so.

Information Commissioner

Note the text highlighted above. Also note the word LIMITED. Section 10 is not an open door for everyone to command others to stop processing their data, nor does issuing a notice under that section guarantee compliance. Now let’s look at the definition of “damage or distress”:

What is meant by “damage or distress”?

The Act does not define what is meant by unwarranted and substantial damage or distress. However, in most cases:

  • substantial damage would be financial loss or physical harm; and
  • substantial distress would be a level of upset, or emotional or mental pain, that goes beyond annoyance or irritation, strong dislike, or a feeling that the processing is morally abhorrent.
Information Commissioner

Note that distress goes beyond annoyance and irritation. In other words, it’s not enough merely to be unhappy with the data being processed.

It is also important to establish what is personal data. An opinion or commentary is not “data”; saying that someone is unqualified, misunderstands legislation or gives wrong advice is not “personal data”. Nor is quoting what that person has said, written or posted, unless its his own personal details (for example, his name, address, date of birth and NI number).

In some cases, personal data is already in the public domain. This is often the result of actions taken by the data subject himself. For example, registering a limited company and becoming a director will result in the director’s personal details (name, address, date of birth, nationality and other directorships) being available from Companies House and other websites that draw company data. Legal action can also result in some details being made publicly available, for example, in connection with a judgment, order or decision.

The Data Protection Act was drafted in order to protect individuals’ rights to respect to private life amongst other things. This means an INDIVIDUAL can serve a section 10 notice, a business cannot. It’s not unusual for an individual to engage in business, in which case, the data in question may well refer to the individual’s business as well as his business practices. These are not covered by rights to privacy. People have a right to know how other people conduct their business, particularly if these people give advice or charge for their services.

Finally, there is also the requirement for the damage or distress to be unwarranted. The ICO states:

The Act recognises that organisations may have legitimate reasons for keeping records about people which may have a “negative” effect on them. For example, the information you hold may lead to their arrest, to their being made to pay child maintenance, or to their being required to buy a TV licence. The Act does not give individuals the right to prevent this. Even where damage or distress has been caused, the Act limits the right to prevent processing to cases where the effects are unwarranted.  

Information Commissioner
Section 10 of the DPA is not intended for people to hide their business practices.

It should also be noted that section 10 of the DPA applies to DATA CONTROLLERS, defined by the ICO as follows:

Data controller means … a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Note that not everyone is a data controller. Although the ICO states that data controllers can be individuals or organisations, its main concern is with organisations that process other people’s data. The reference to individuals would be to people working as sole traders, freelancers, consultants, etc., in which case they are “the organisation”.

The DPA is not there to settle disputes between individuals regarding their own personal issues, nor to stifle free speech. 

Breaches

Section 10 also says:

(4) If a court is satisfied, on the application of any person who has given a notice under subsection (1) which appears to the court to be justified (or to be justified to any extent), that the data controller in question has failed to comply with the notice, the court may order him to take such steps for complying with the notice (or for complying with it to that extent) as the court thinks fit.

Data Protection Act 1998

Note that the court MAY order someone to comply with a section 10 notice. This is obviously once the court has had the opportunity to look at the evidence, which is not quite the same as making an emergency application for an interim injunction.

/ Legalities, Misunderstood legislation, Other subjects / Tags:

Share the Post

Leave a Reply

12 Comments on "Section 10 of the DPA 1998"

Guest
Delta157
5 years 6 months ago

S10 principle 6

0
 |     Reply   -     
Guest
Court Order
5 years 8 months ago

Schedule12 posted:

When I handed a client Peters Nominet court order showing his name and address, she thought was mentally retarded.

Was that the document that was not supposed to be used for any purpose other than that specified on the order itself? The one you went and published on the silly “fishy” site you resurrected?
How could any “client” of yours have any trust in you when you breach not only the DPA but also a court order by revealing confidential personal information to third parties?

Another client found out Peter has not had a job since at least 2004, unless he worked without declaring the income.

Really? You must, once more, have disclosed a great deal of privileged information provided to you via a court order for anyone to have carried out such research.

You have a serious problem in your hands, Jason, with all the data breaches and breaches of court orders. No wonder you had to decamp to the Philippines.

0
 |     Reply   -     Hide Replies ∧
Guest
Contempt of Court
5 years 8 months ago

This is very serious, personal information obtained by forcing disclosure through a court order can only be used in the course of the proceeding the information was obtained for and nothing else. Passing this information on to an unrelated third party such as a client of yours is contempt of court, and publishing it is even more serious.

The courts take Contempt very seriously and tend to impose custodial sentences to deter others from doing the same.

0
 |     Reply   -     
Guest
Jason on the Run
5 years 8 months ago

Jason, thanks for the info, mate now we know why you went all the way to the Philippines!

0
 |     Reply   -     
Admin
Schedule One
6 years 1 month ago

Excellent introduction Admin.

Enforcement on data breaches are usually down to the ICO, if there is no action after a complaint has been investigated and a decision made, then surely that is that.

Any action after that would be one for damages, but without that initial confirmation regarding the cause of action, I don’t see how a individuals complaint can be successful.
Misinterpreting or lying about the outcome of a complaint in order to start a damages claim is a very foolish path to follow.

0
 |     Reply   -     Hide Replies ∧
Guest
Flying Pig
6 years 1 month ago

Furthermore, he would have to show that the breach of the DPA was the cause of the losses and evidence those losses. If people decided not to use his business services after reading that his advice was wrong, that could hardly fall under the DPA, and he’d still have to prove his losses as well. There is more chance of seeing a flock of flying pigs than of him winning such a case.

0
 |     Reply   -     
Guest
Shirl
6 years 1 month ago

An excellent introduction indeed from Admin regarding yet another subject that Jason Bennison really struggles to understand.

0
 |     Reply   -     
Guest
Moron
6 years 1 month ago

Is there anything he doesn’t struggle to understand?

0
 |     Reply   -     
Guest
Section 10
6 years 1 month ago

So what about all the times Jason and his lapdogs have posted up people’s names, address, pictures of their homes, etc. on BHF? Wasn’t he breaching the DPA? As we know from this other thread, he is the data controller, as BHF is a trading style of xlaw ltd. http://bailiffhelpforumarewrongagain.com/jason-bennisons-legal-pretences/

0
 |     Reply   -     Hide Replies ∧
Guest
Shirl
6 years 1 month ago

At one time, he would deny being the owner of the Bailiff Help Forum. That is now a thing of the past.

Since evidence was forthcoming of his Dispute Resolution complaint to Identity Protect Ltd under the name of Bailiff Help Forum, and his separate application for an injunction against Nominet Ltd under his own name of Jason Bennison, he cannot any longer deny being the owner of the Bailiff Help Forum and accordingly, whether he likes it or not…..HE is the DATA CONTROLLER of that forum. Accordingly, he will be receiving correspondence very shortly.

0
 |     Reply   -     
Guest
Silly Buggers
6 years 1 month ago

He is also the domain registrant so, as far as Nominet were concerned, he didn’t have to prove ownership. He started denying owning the forum to play silly buggers after “doorstepping” David Lindley. Bennison and Lindley entered into an “agreement” not to post about each other, but this didn’t include Jason’s pets Mark and Pote. Mark kept making horrendous, abusive posts against Lindley and, when Lindley contacted Jason to say he’d breach the agreement, Jason said: “not me, I’m not posting anything about you.”

He said he had no admin permissions to remove anything and argued that Amy was the one. Obviously Amy couldn’t issue an injunction against Nominet, which is just as well…

0
 |     Reply   -     
Admin
ploddertom
6 years 1 month ago

No offence meant but at least one thing has come out of this but it was a great shame you suffered more than most.

All of his bluster about tracing IP addresses or getting information from ISPs and having accounts restricted was just that – bluster. He has made a laughing stock of himself, his cohorts, his methods & his websites. I fondly remember the horror there was over the answer he got when I answered the phone to him, pity more had not done the same. He obviously thought he was the Big I Am whereas in fact the allegation about him runs parallel with his small appendage.

0
 |     Reply   -