Julian Assange managed to use the Data Protection Act to get some records out of GCHQ:
http://www.theguardian.com/media/2013/may/20/julian-assange-gchq-messages-extradition "he explained that an official request for information gave him access to instant messages that remained unclassified by GCHQ. ... The Cheltenham-based agency said: "We can confirm that GCHQ responded formally to the subject who made the request. The disclosed material includes personal comments between some members of staff and do not reflect GCHQ's policies or views in any way." This seems to have been GCHQ employees chatting about Assange outside of their actual work. Presumably most of us aren't talked about that way. But you could follow up the same approach by persuading celebrities to make DPA requests; I'm sure spooks IM about what was on TV last night. It's possible that you might also be able to get more out of GCHQ. Thhe Data Protection Action doesn't *quite* give a blanket exemption for national security. GCHQ need a certificate signed by a minister, stating that exemption "is required for the purpose of safeguarding national security". Presumably there is one of these covering most/all of their activity. But as the Assange case shows, there may be some wiggle-room around the edges. In any case there is a right of appeal -- it might be worth following that process. You might find some more edge-case data which GCHQ can't claim as needed to safeguard national security. Dan On 21/08/13 13:18, Francis Davey wrote: > 2013/8/21 Tim Green <[email protected]>: >> According to [1], GCHQ isn't subject to FOI, though David Miles has >> attempted to request [2] information on 'Mastering the Internet' >> environmental impact etc. via separate environmental information request. I >> don't know how successful his modified request for the information without a >> breakdown by program will be. > > What My NSA Records appears to do is act as a way to find out what > data the NSA has on the individual asking the question. The equivalent > for GCHQ would be to ask them what data they have about me. > > That data would be exempt from the FOI under section 40(1): > > http://www.legislation.gov.uk/ukpga/2000/36/section/40 > > In theory you should be able to ask someone else to make an FOI > request for your information (since then s40(1) won't apply) to which > they attach a permission form showing that you give consent > (satisfying s40(3) etc). That way you avoid DPA subject access fees. > In theory I say. No-one I know has tried it and to make it work might > require you to be rather determined. > > Unfortunately personal data processed for the purposes of national > security is exempt from subject access provisions under s28 of the > Data Protection Act 1998: > > http://www.legislation.gov.uk/ukpga/1998/29/section/28 > > So, I am not sure there's much traction here to get anything going, > but I am happy to listen to ideas. > _______________________________________________ developers-public mailing list [email protected] https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public Unsubscribe: https://secure.mysociety.org/admin/lists/mailman/options/developers-public/archive%40mail-archive.com
