It covers all personal data, CCTV is just one form of data. It does entitle you to ask for data to be deleted but it’s not an absolute right — the data controller has to consider your request but may have good reasons for retaining your data.
They don't actually.
Well the full story seems to involve medical information which is special category personal data, which requires extra safeguards. It may not have been necessary to share that part of the story but it perhaps is more useful to follow the ICO guidance and consider if consent to share it can be obtained and thus a properly informed position available to the claimant.
And there is the rub.
the ICO disagrees! The data controller needs to consider the options but disclosure could be a lawful option, even if consent was refused.
This must be nonsense. The victim here might want to bring a small claims action against the person who caused the damage. This would indeed make him the prosecuting party. I think your interpretation is wrong.
The legal route is to issue a claim in the small claims court after issuing a letter before action. In order to do that he needs to know who it is and where they live. That does not constitute "hunting anyone down"
It’s quite clearly spelled out in the law. They are essentially a random off the street as far as GDPR is concerned unless and until something overrides that.
It isn’t. I did this for a living, advising some global companies. The victim can’t bring a small claim since they don’t know who the other party is and have no evidence that they have access to. There are various ways they can go about getting access, but asking a business to break the law isn’t one of them.
This, perhaps, is where your premise falls down.
Flip the situation round. Someone else in the harbour claims your vessel caused them damage (perhaps a line broke and you weren’t on board - so we don’t have to deal with the obvious fact that you are an upstanding member of society and would have sorted it directly yourself). Now are you happy for the harbour master to provide your details to any person who asks for them on the premise your boat damaged them? Only if the HM reviews the CCTV and sees there was contact? Or only after he first discusses it with you directly?
You are well within your rights to start a claim against the harbour for letting it happen. That’s entirely separate to data privacy.
I’ve never included any nuance when discussing GDPR with people who will never bother to read it. They tend to jump on things as an excuse for illegal behaviour rather than taking time to understand why the exceptions exist.
Think about the logic of what you are saying carefully. The natural conclusion is insurers should make economically poor decisions to make a point, which will put up your premiums!
I have some sympathy with that approach. But when you say things like “asking business to break the law isn’t one of them” if misleads them even more and feeds the “GDPR says no” myths which exist amongst those too lazy to understand the essence of the rules.
I have literally read the entire thing, some of it dozens of times - I’m not sure I would agree - if that was the case we wouldn’t really need the rest, it could have been left for guidance notes rather than law. But I get your point that arguing with people who haven’t even bothered to read the introduction is probably fruitless.
100% agree. Ironically in my experience they are exactly the same people who if their data gets shared without consent get up in arms about it, and start shouting about GDPR! The same seems to be true with other types of rights.
