A web site set up by a group who voted for a House of Lords
amendment to the Parliament Act to avoid lowering the age of
consent for homosexuals from 18 to 16 was the recent target of an
investigation by the Information Commissioner (formerly known as
the Data Protection Commissioner).
The site, ageofconsent.org.uk, canvasses votes from visitors on
whether or not they support Baroness Young’s argument. To vote,
users were asked to submit their name, postcode, age range, sex,
sexual orientation and whether or not they are a UK citizen. Most
of the data is personal data under the Data Protection Act 1998,
which means that the person collecting the data (Baroness Young)
must be registered as a data controller and comply with the Act’s
provisions on collection, use and disposal of the data. The
question about sexual orientation constitutes sensitive personal
data under the Act, which carries more stringent conditions of
use.
The web site had no data protection notice in place, hence the
Commissioner’s concern. Over 50,000 votes have already been cast.
In fact, no action was taken by the Commissioner other than an
exchange of letters, warning the site that a suitable notice was
required. This was put in place by the site. According to the
Commissioner’s office today, there are now only “a couple of minor
concerns outstanding,” following this move. These concerns were
said to be confidential.
However, as OUT-LAW’s Linda Molloy observes,
“The site only contains a link to a privacy
notice from its navigation menu and users are not told to read the
notice before entering their details. This means, users can easily
submit their details without having been shown the notice. To
comply with best practice, before taking personal information, a
data protection notice should be displayed prominently, requiring
the user to click his or her acceptance of its terms. At the least,
there should be a message to users asking them to visit the notice
before completing their details.”
