Myths associated with data protection legislation abound. After the conviction of Ian Huntley, the chief constable of Humberside, David Westwood, claimed that the Data Protection Act 1998 had prevented the constabulary from retaining details of previous sex offence accusations. West-wood subsequently retracted this statement. British Gas recently claimed that the act prevented them from telling social services when they cut off the gas supply of two pensioners. This and similar statements prompted the Information Commissioner, Richard Thomas, to say that “it is ridiculous that organisations should hide behind data protection as a smoke screen for practices which no reasonable person would ever find acceptable”.
Milan Vjestica, in his article that recently appeared in this publication (Cybercrimes, 18 March, 2004), is in danger of perpetuating a number of additional data protection myths. Milan claimed that “a new European Commission directive introduced at the end of last year aimed to protect UK businesses by making it a criminal offence under the Privacy and Electronic Communications Regulations to send unsolicited emails”. He also argued that “before the introduction of the regulations, it was already an offence to send unsolicited emails” under the act. I do not agree with these statements. Firstly, the legislation was never likely to provide much protection to UK business. Secondly, it is not a criminal offence, nor has it ever been a criminal offence, simply to send an unsolicited e-mail.
