Delivering some clarity on personal data misuse

by GDPR Associates | 26th January 2018 3:12 pm

Imagine getting a text out of the blue from an (almost) complete stranger. You have met one time – in passing – in your entire life, but this person is contacting you and asking for a date. Not only does this person have your number, they also know your name and where you live. Unnerving, right?

This is what happened to Michelle Midwinter. After she ordered a take-away meal through Just Eat, the driver who delivered her food subsequently began to send her inappropriate text messages.

She complained to Just Eat but received a less than satisfactory response. The unicorn food delivery platform offered her a £5 goodwill voucher which was later upped to £10 for her “inconvenience.” So Midwinter tweeted about it.

It was shared and liked thousands of times, with other people sharing their stories of their data being misused by people making sexual advances.

Michelle Midwinter’s tweet with screenshots of unsolicited texts from delivery driver and poor response from Just Eat.

Michelle Midwinter's tweet with screenshots of unsolicited textsOne woman said that at the age of 16, she was contacted on Facebook by a man who had delivered furniture to her house. He proceeded to ask her “a bunch of weird sexual questions.” One man alleged that the delivery company he was riding for passed his phone number to a customer. The customer claimed he had been short-changed, but then phoned the rider and called him “hot.”

Among the 1,600 responses to the original tweet were a number of people defending the driver (he’s just flirting and being clumsy about it) and Just Eat (it didn’t employ the creep). However, it was heartening to see that these were outnumbered by messages of support and advice. Midwinter was encouraged to contact the ICO.

She herself questioned whether the texts were a breach of data privacy laws and several people assured her that they were, posting the link to the government’s summary of the Data Protection Act. Some people suggested that in the future, software be used to mask the phone number of customers when they are having something delivered.

“If a customer’s phone number is used for reasons for which it was not originally taken, it could be a breach of the Data Protection Act.”

The following day (16th January), the ICO issued a statement on the matter. An ICO spokesperson said: “If a customer’s phone number is used for reasons for which it was not originally taken, it could be a breach of the Data Protection Act. Organisations have a legal duty to make sure personal data is only used for the purposes for which it was obtained. We are aware of reports of an incident involving Just Eat and will be looking into it.”

Midwinter tweeted later that day that she had been called by the managing director of Just Eat and had discussed the situation at length. The MD accepted responsibility, apologised for the way her complaint was initially handled and said that changes will be made. Midwinter concluded: “I believe they are taking this extremely seriously and I hope this will pave the way for national changes to the way our data is protected, and more importantly how females are protected.”

The silver lining of this awful situation is that the issue of securing personal data is now front of mind in the public consciousness. Many members of the public know that personal data should not be used for anything other than its specifically stated purpose. Complaints about its misuse should now be taken much more seriously. In her statement Midwinter raised several questions, one being: “What are companies doing to safeguard our information?” Hopefully, we will soon be made aware of the answer.

Toni Sekinah, research analyst and features editor, DataIQ

The original article (and image) was originally posted here:[1]


Source URL: