In a Spinvox over data protection…

Another day, another data protection story in the news.

This time, it’s voicemail to SMS text provider Spinvox that has hit the headlines.

Spinvox provides a novel service which claims to use automated technology to convert voicemails into SMS texts or emails. Its entry in the Information Commissioner’s register of data controllers states that in doing this it will not transfer any personal data outside the EEA.

Spinvox has come unstuck over allegations that some of the messages are converted to text by humans (not computers) in call centres outside the EEA. Spinvox claims that such messages are anonymised (by removing identifiers such as the email address and mobile number). However, there are further claims that some of those messages processed by the call centres contained commercially sensitive and personal information, which allows the user of the service (and others) to be identified.

Whether or not Spinvox is actually in breach of the Data Protection Act (DPA) and its notification to the Information Commissioner is unclear. What the story does demonstrate, however, is that you cannot assume that simply removing external identifiers (such as email addresses and mobile numbers) is enough to anonymise the data and take it outside the ambit of the DPA – the content of the information may itself be inherently “personal”.

The story also emphasises the importance of data controllers ensuring that their notifications to the Information Commissioner and privacy policies are correct and up to date and give users true transparency over how their data will be processed – for example, explaining to users that their information may be transferred outside the EEA for processing and explaining the steps that the data controller will take to keep that information secure.


2 Responses to “In a Spinvox over data protection…”

  1. douglasmathie July 23, 2009 at 5:07 pm

    This reminds me of a DP argument that I once had with a lawyer on the other side of a transaction.

    The question was whether a photo of a person on its own, i.e. without any other data about the person, is personal data.

    He said yes, I said no.

    It is amazing the things dp lawyers find to argue about!
