NHS Digital have refused to update my personal information, even though I have a right to rectification under GDPR.
As I have previously posted, I think GDPR has a flaw, in that it seems an organisation can say they will not "accept" you as a customer/client/whatever if they don't like some aspect of your personal information (in this case, the length of my email address). This seems broken, given that once they have accepted you, then you have a right to have personal data corrected. I have asked my MP if they can try and poke someone to fix this flaw in GDPR. My personal information is what it is, including the many bits I get to choose (like name, religion, email address, etc).
But it sounds like it is even more flawed than I thought! It seems that an organisation can simply refuse to update the personal information, instead just terminating access.
Apparently I am welcome to re-register with NHS Digital, providing I comply with their rules on my personal information.
Now, this is, in my case "just" my email address, but it sounds like the same logic could apply to someone's choice of name, or religion, or gender and job title combination, well, anything. Just make up arbitrary rules and refuse anyone that does not fit, cancelling their service if they ask for it to be corrected.
It makes a total mockery of the "right to rectification" even being in GDPR.
How can I have a "right" which can be so simply side-stepped. Does this create a situation where people will be afraid to ask for data to be corrected for fear they lose some service?
I wonder what taking them to court would actually cost?
(The ICO seem complicit, refusing to even understand that NHS Digital has a wrong email address for me)
I get your point,but there is a legal principle which (IIUC) could distinguish email spec from choice of religion etc: "De miminis not curat lex", usually translated as "The law is not concerned with trifles"
ReplyDelete