The Deviant’s plan was to make the first ‘corporate tyrants’ story on the site about LUSH Cosmetics, that naff and tacky soapmongers for soap-dodging hippies with daddy’s money to spend on priviledge-guilt allieviating soap. I do have a delightful one about Lush North America in the drawer, however, the Universe wanted the Deviant to start off with the Daily Mail. And you don’t fuck about with greater powers. So:
It reaches the Deviant that the world’s favourite news website and Britain’s most indignant, if conflicted, daily paper’s pre-teen peeving online counterpart is openly pimping out its database of vociferous patriots to any interested buyer, through a subsidiary it appears to own, up in the Sheffield wastelands. Wonder where all that spam was coming from?
At £150 per 1,000 names, a data broker called DMRI, of Sheffield, sells a list of Daily Mail usernames and emails, bragging: “Dailymail.co.uk the online home of the Daily Mail and The Mail on Sunday, continues to grow at a tremendous pace, with unique visitor numbers up 121% on a year ago. With more newspaper and exclusive content, video, pictures and tools than ever before, the site is the first stop for millions of people every month.”
Somewhat misleadingly, the Mail Online tells its would-be registrees on its website: “We take your privacy seriously. All of the details you enter below are kept private…” Alas, that really happens only unless anybody offers to buy them wholesale, as proven by the discreet check boxes you have to click if you don’t want your information shared with random spammers, or ‘trusted third parties’ – as lawyers call them.
The same DMRI agency says it’s selling similar lists of readers of many other DMG Media (Daily Mail Group, formerly Associated Newspapers) websites. Might it be an ‘in-house’ agency, only that instead of Northcliffe House, the DM chucked it all they way up in Sheffield? On the firm’s reports submitted to Companies House it says that DMRI’s director is one Sara W.; she, on her Linked In profile says she owns DMRI – not just heads it.
Yet her company’s website’s history contradicts that claim: there’s a whole essay about how good it feels to be worthy of being bought up and owned by the DMGT conglomerate. “Our success has led to the company being purchased by the Daily Mail & General Trust (DMGT). [sic] and as such we are able to offer our clients unrivalled access to the UK’s online market place [sic]. DMGT is one of the largest and most successful international media companies in the UK and has interests in national newspapers and related digital operations, local media, business and financial information, exhibitions and radio. DMGT was incorporated in 1922 but has origins dating back to the launch of the Daily Mail in 1896. As one of the longest-established media companies in the UK, DMGT has long invested in editorial excellence to become one of the most successful information providers in the country,” it says. It’s therefore not clear if The Mail owns DMRI or not.
Pass the sick bucket.
I proceeded to excitedly, half-drunkenly phone DMRI of Sheffield posing as “a freelance marketing consultant for a [fictitious] Romanian maker of organic, vitriol-based ointments” and proposed to buy data on 50,000 out of the 150,000 UK innocent Daily Mail readers available through this company, for “an email campaign” – the research I had “showed that Mail Online UK readers are ideal customers”. The saleswoman said that DMRI doesn’t “look after that list anymore” despite still advertising it online, then promptly offered to sell it to me anyway. After suggesting the paper’s name isn’t used in the campaign, and without asking for any proof of what I’d just told her off the top of my head, she made a written offer.
Then I wrote to the DMGT group asking them for clarifications about the company. No answer was forthcoming despite repeated emails and calls.
Such is the undergrowth business of gratis online services, and the Mail Online is one among many other huge Internet companies who practice it, albeit the cheekiest. It being the world’s biggest news site though, the shockwaves are easier to pick up on. Jobs boards, cheesy online dating sections and even comments sections of most websites require registration, ostensibly for accountability but also for the bankable purposes of personal data peddling.
There’s a reason why those terms and conditions texts are impracticably long and boring and why it’s been made so easy to just tick “accept” and quickly move on without reading. If you don’t pay for it, then the product is you!
In the same vein, you might want to review your ticks if you’re a member of one of the sites listed in the document below:
July 18 2014 – HOT DAMN, PEOPLE: Turns out there’s a fucking Data Protection Act in the UK law which contains regulations about personal data and how it’s meant to be handled by massive fucking organisations such as the Mail. Turns out there’s specific penalties in there for breaking this DATA PROTECTION ACT, and there’s this fucking office called the Information Commissioner’s Office, ran by a fucking Information Commissioner who’s tasked by Her Majesty The Queen’s government to enforce the fucking thing.
The Deviant has contacted a top data security expert (boffin) to tell more about this unexpected twist, and we’ll name him when he gives his two pence worth – which he agreed he would.
Owen Boswarva – our boffin – was kind enough to enlighten the world on the matter at hand. Here’s the gist of what he said:
“I’m not an expert on the Data Protection Act, although I have a working knowledge. I’ve read your article. Based on the information you have found, I cannot see any reason to think either the Mail or DMRi are in breach of DPA.“To some extent most of the large news organisations are involved in direct marketing and resale of email lists. The Mail is more heavily involved than most; its parent company DMGT owns a wide range of data-related companies. […]
“The phrase “trusted third parties” is common in privacy statements. However as far as I know it doesn’t have a defined legal meaning in the context of data protection law. DMRi and the Mail cannot pass along personal data indiscriminately to third parties. I would expect there to be some kind of data licensing contract involved. However once the data is transferred the onus is on the third party to make sure they comply with DPA in their own processing. I suppose the company that provided the data list could also be in breach of DPA if it passed the list to you without making any attempts at all to confirm your identity; for example if it let you pay for the list in cash. The law might view that as collusion. But that’s a pretty unlikely scenario.”
There you have it, folks. It’s absolutely legal to have your data sold to any kind of spammer provided they sign a licensing agreement relieving the seller from responsibility, making the organisation who initially passes it not liable for how your PERSONAL INFORMATION is used. The DMRi didn’t say anything about a licensing contract when it made the offer to the Deviant acting undercover. Presumably it would’ve come later when the money were to change hands.
So the phrase “trusted third parties” is meaningless – it might as well be replaced with “anyone who pays”.
Beware – it looks like the Data Protection Act doesn’t do much to protect you.
Better off just giving fake info and setting up a separate – spambox – email address that you only use to register for various free online services.
Once you whet the public’s appetite for truth…
– the header illustration was added on the 11th of June, 14:40