I’m not the first person to notice, but as it is a consistent mistake and it’s now being promulgated by the worst possible source, it’s worth saying it a few times: people don’t own personal data about themselves and the Information Commissioner shouldn’t pretend that they do. The claim was made in an emoji-laden post related to sports clubs, and while the text was about a speech by the ICO’s acting Head of Northern Ireland Affairs Caroline Mooney, it’s not clear if she also made the claim. Anyway, it’s false. There are a few references to ‘their data’ especially in the recitals, but beyond that, UK GDPR offers nothing. Ownership of an intangible thing like information would be very complicated to manage - copyright and intellectual property law shows how complex it is even when it’s based on a more recognisable idea that a creator has rights over how their work is used. The idea that I own my name, my address, or other people’s opinions about me is - to me - just silly. But whether it’s practical or even desirable to introduce the concept is a completely separate question to this one. People do not currently own personal data about themselves. The Commissioner is wrong to say they do, his staff should know better and it’s instructive that they don’t. This post should be amended or deleted. This isn’t a technical point like the way in which ICO staff keep saying the DPA applies when they should understand that it’s the UK GDPR. This gives people false and unhelpful expectations; it makes the work of DPOs and DP specialists more difficult when dealing with such people. It is - to use a silly phrase dreamed up by a silly man - the opposite of “regulatory certainty”. I won’t say that the ICO should know better. That isn’t really true any more; we’re way beyond the point where the ICO can be relied on to maintain basic standards. But every time they show how feeble their grasp on the job is, even if it’s in a bland LinkedIn post, we should all point and laugh.
You're missing the key point - It had Emojis!!. The post, for some inexplicably reason, took me back to a 1970s sitcom about a firm of tailors called "Never Mind the Quality, Feel the Width"
I think part of the issue is the language we use as professionals. . In meetings we often talk about "their" private data. Whilst I'm not sure how else we could describe this information but in some way that signals a level of ownership of the information. It's interesting you meantion intangible ownership. Another hat I wear outwith IG is as a photographer. In this world there are actually different legal spaces. In some jurisdictions a copyright holder of an image is actually the person in the image, where as in the UK at least it belongs to the photographer (or their employer). Legal ideas of ownership are different depending on the jurisprudence and culture associated with it. I would agree with your last statement the barrage of complaints with the ICO giving innacurate or at least unhelpful responses feels like its getting louder and louder.
Rights, not ownership!! That’s the key with personal data. Yet with health data, like test results, people treat it as theirs which is completely understandable
So in a nutshell, no one owns their own data, but they do have control over how it is used/distributed. Sadly, hackers in the UK and elsewhere pay zero attention to any such constraints.
Ohhh now youre talking, with names etc the wonderful world of the Sovereign Citizen arguments and utter, utter madness ensues. Because their name is not their real name, its their strawman name etc. And they submit long rambling requests!
I’ve officially lost hope on the ownership front now.
I once had to deal with a customer who couldn’t understand how someone else could have incorrectly entered his email address when registering their account as he owned it and so no one else could use it.