GDPR Fears That 'Myths' Around New Data Protection Rules May 'Endanger The Lives Of Children'

'That is idiotically dangerous.'
The General Data Protection Regulation (GDPR) came into force on Friday
The General Data Protection Regulation (GDPR) came into force on Friday
PA Wire/PA Images

A law consultant has warned growing “mythology” around new data protection laws could “endanger the lives of children” and has urged authorities to issue urgent advice to get key messages out.

Media law consultant David Banks said “panic over GDPR has become a full-blown stampede”.

He told HuffPost that he had been told of schools who believed they could no longer alert staff to student’s “potentially life-threatening allergies” because of the General Data Protection Regulation which came into force today.

“I think the information commissioner is going to have to start doing some myth busting about GDPR given the mythology that is growing around it and I think they need to do it quite quickly,” he said.

“Especially with some of this information going around at schools which is particularly worrying and potentially dangerous... I think they need to perhaps put out a few notices saying, ‘you can tell members of staff that a student has a potentially fatal allergy’.”

The panic over #gdpr has become a full-blown stampede. Just been contacted by a client whose gdpr compliance group has advised deleting every photo of any person on their website every two years. People need to calm down. Given barmy advice? Give me a call.

— David Banks (@DBanksy) May 23, 2018

It seems that schools in particular have been given guidance that at best wrong and at worst potentially life-threatening to pupils and @educationgovuk and @ICOnews need to issue some clear guidance as a matter of urgency...

— David Banks (@DBanksy) May 23, 2018

Some of the guidance on #GDPR given to schools is said to include:
1. Destroy archive pics of ex pupils - Wrong
2. Pupils’ surnames can’t be given to newspapers - Wrong
3. Staff cannot share information on pupils’ life-threatening allergies and illnesses - Wrong, and dangerous

— David Banks (@DBanksy) May 23, 2018

GDPR applies to all organisations that handle European Union citizens’ data and has caused widespread panic as it gives the Information Commissioner’s Office (ICO) powers to fine firms up to €20m (£17.5m) or 4% of global annual turnover for serious breaches.

It gives consumers new rights to request what data is held on them and to ask for it to be deleted and requires companies to get explicit consent to use personal information. According to the ICO it’s “intended to strengthen and unify data protection for all individuals within the European Union”.

Firms also have to meet higher standards for keeping data safe but they have been given two years to prepare for the change.

The law had led to torrents of emails being sent out asking people to renew their consent to receive marketing materials and today a number of high-profile US news websites became temporarily un-available in Europe.

Several tech firms are also said to have blocked EU residents from using their services and UK political parties are deeply concerned by the repercussions.

On Thursday Banks highlighted the confusion around GDPR by directing his followers to a thread on Twitter.

Our county council's advice to schools has been to rethink having photos and details of children who have allergies/health problems and may need urgent medical attention pinned to notice-boards in the staff-room. FFS.

— Andrew R (@ExcelPope) May 23, 2018

Christ, there is a specific exemption where data may save a life. That is idiotically dangerous

— David Banks (@DBanksy) May 23, 2018

I’m just so sad about the piles of old photographs of ex pupils my school will be destroying. We’re destroying our history. The archives of the future will be empty.

— TheOneAboutSue (@OneAboutSue) May 23, 2018

A family member who is a teacher has been told GDPR means they can’t discuss any given pupil within earshot of any colleagues. Madness.

— Callum May (@callummay) May 23, 2018

I was at a school the other day where the head refused to let me use the surnames for children I was interviewing. She cited GDPR. Where does this madness stop?

— Kathie McInnes (@Kathie_McInnes) May 23, 2018

I do bike races and my favourite ‘wait, what?’ GDPR moment has been cycling clubs advising photographers they can’t take photos of races on public roads any more ‘because of the GDPR’ 🙄🙄🙄

— Nic Stevenson (@nicstevenson) May 23, 2018

I work in finance. A GDPR consultant told me recently that I should consider removing all customer names and addresses from our invoices. I told the “consultant” to live in the real world, and I haven’t seen him since.

— Rebellious Jukebox (@cruiserscreek85) May 23, 2018

The Department of Education today declined to comment on any feeback they had received from schools around GDPR, but highlighted a number of educational materials - including blogs and videos - it had provided.

The National Education Union told HuffPost it was unaware of concerns amongst schools. The National Union of Teachers and the NASUWT are yet to reply to a request for comment.

A spokesperson from the Information Commissioner’s Office told HuffPost that it had already published a “whole series of myth busting blogs” about GDPR and reassured small organisations that there is “no need to panic”.

“It’s important that we all understand 25 May is the beginning of the journey and we want to reassure small organisations that there is no need to panic. Anyone who is unclear about what they should be doing should check our website or contact us directly.”

The statement continued: “The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change. The large fines will be reserved for those organisations that persistently, deliberately or negligently flout the regulations.”

Banks said a lot of the confusion around GDPR centred around the issue of consent, “which is why we’re all getting these emails” from companies asking for permission to keep sending correspondence.

Not only do @popbitch have a great GDPR disclaimer, they also appear to actually understand the law! All those lawyers fees must be worth it... pic.twitter.com/2JADpTpQBF

— Nic Stevenson (@nicstevenson) May 24, 2018

Consent, he said, is only “one of the reasons that you can hold data, but it is only one”.

“There’s lot of other reasons. Vital interests. Life-saving interests. Contractual interests,” Banks said.

He explained if individuals, for instance, had previously agreed to recieve a newsletter, even if it was “years ago”, companies did not need to ask them for consent to keep sending it because “I can unsubscribe at any time”.

“One of the exemptions to holding data is that you’ve got a legitimate interest in holding, just what data they need, to get me the newsletter.

“Organisations that might be in a little bit of a sticky situation... if you’d signed up to a newsletter and you’ve told them everything about yourself... your name, your hair colour, your gender.... now they might find themselves in a sticky situation because they’ve got a lot of data and it might be quite hard for them to justify holding quite so much.”

The Twitter thread was critical of the way the ICO’s had rolled out the law change, which Banks agreed with, saying there were too many “grey areas”.

I have to say the lnformation Commissioner has handled #GDPR appallingly. I went to a workshop delivered by one of its policy officers. Nothing against her - she was v good - but she admitted quite a lot was a grey area! Businesses can’t operate on that basis. They need clarity

— Kevin O'Sullivan (@kevinthehack) May 24, 2018

Agree. If you give people grey areas then some will err on the side of caution and next thing you know they’re ordering you to delete all photos on your phone and your entire email contacts list!

— David Banks (@DBanksy) May 24, 2018

However, he told HuffPost that “this often happens when you get complex new legislation coming in, people overreact and interpret it at the most extreme level, they always go to the worst case scenario”.

“Perhaps some simpler information should have been out out by the Information Commissioner’s Office,” Banks said.

“The guidance we got was quite lengthily and it would be good to see some digests coming out that kind of back that up and get some key messages out to give a bit of clarity to people. ”

Close

What's Hot