The below is my complaint to the Information Commissioner’s Office regarding Herefordshire Council’s extensive searching for, collecting and sharing of data concerning my web presence, social media and websites for no less than five years as of writing this; much of it without RIPA or legal authority, while during the same period harassing me and issuing multiple threats of legal action.

It included the communications between me and their lead case, who not only changed the reason for my complaint but conducted a bias investigation, at first undecided on data protection and later unwilling to hold the local council accountable for the distress and irreversible harm caused.

Below is a redacted copy of my email complaint to the ICO

1 ICO Complaint Herefordshire Council data gathering_Redacted

 

After the ICO received my email and viewed it on Mon, 22 Aug 2022, 15:07 it was a further month before I received the emailed response below and the attached letter, to which I replied.

2 ICO Complaint Herefordshire Council data gathering_Redacted 2 ICO Complaint Herefordshire Council data gathering_Redacted attachment

 

After my email of 23rd September to the ICO they responded on the 7th October, as below

3 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

On the 8th November, I emailed and asked the ICO for an update

4 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

I received a response from the ICO on 11th November telling me the case had been allocated to a case officer

5 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

After this date, on 18th November, I received the below email from the ICO saying “You have expressed concerns about “Herefordshire Council’s distressing extended monitoring, spying, data collection & sharing without lawful authority”. While some of these emails are repeated, I enclose these because the ICO broke from the original chain of emails.

6 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

The next chain of emails with ICO. Herefordshire Council continues to search the internet and monitor my social media and web presence during this time, with an attempt to follow me on Twitter which I refused and blocked.

7 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

On the 9th of January, I emailed the ICO’s Ms Fletcher and asked for copies of communications between them and Herefordshire council

8 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

On 13 January, I received the below email from the ICO’s Ms Fletcher

9 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

I also received an email of acknowledgement of my request for copies of communications between the ICO and Herefordshire Council with a new case reference number

10 Acknowledgement of information request - ICO Case Reference_ IC-210462-S3H6_Redacted

 

On 16th January I received the below email from the ICO’s Ms Fletcher, with me replying on the 26th of January

10a ICO Case Reference_ IC-188010-V0J0_Redacted

 

Between the 16th and 26th of January, on the 18th of January I received the following email response and attachments regarding my request for copies of communications between the ICO and Herefordshire Council

11 Response to your Information Request - ICO Case Reference_ IC-210462-S3H6_Redacted

 

Attachment Response Letter (IC-210462-S3H6)

12 Response Letter (IC-210462-S3H6)_Redacted

 

Attachment Response Bundle (IC-210462-S3H6)

13 Response Bundle (IC-210462-S3H6) Redacted

 

The next email from the ICO was on 3rd February.
To date, I believe the ICO to be defensive of Herefordshire Council and obstructive rather than helpful. At no point have I been permitted to see any information Herefordshire Council may have sent to the ICO, and the ICO while disregarding distress caused and my statements that restrictions were in place regarding Herefordshire Council, they have not once told me what specific evidence I need to provide, nor have they confirmed or denied that they will fine Herefordshire Council for over 5 years of direct surveillance, data collection and sharing of social media and web presence.

14 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

Below is my reply email of 19th February to the ICO’s Ms Fletcher

15 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

below is the ICO’s reply to my request of the 19th February. In the meantime I will write to Herefordshire Council, mindful that their monitoring and surveillance of my web presence continues.

16 Response ICO Case reference_ IC-219405-L7F6_Redacted

 

I also received (below) a response from MS Fletcher, the individual investigating my complaint regarding Herefordshire Council and the at least six years of monitoring and surveillance of my internet presence. Ms Fletcher has chosen to evade telling me what specific evidence she requires to ‘categorically indicate’, Herefordshire Council flouted or violated DPA or RIPA for the purpose of my complaint and the ICO holding Herefordshire Council to account.

17 response ICO - Case Reference IC-188010-V0J0_Redacted

 

Having received Ms Fletcher’s somewhat evasive email, I have replied as follows, asking, once again, what evidence I need to provide for the ICO so they can conclude the case and ruling. I await a reply.

18 - Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

I also posted a letter to Paul Walker the CEO of Herefordshire Council on 8th March, that letter can be read below.

The letter can be read below

Letter to Herefordshire Council Paul Walker Re Dates of Surveillance 06-03-2023_Redacted

 

As my last email was being sent to Ms Fletcher, I also received the below email from the ICO containing two attachments

20 Response to Information Request - ICO Case Reference_ IC-219405-L7F6_Redacted

 

The attachments

21 IC-219405-L7F6 Response Letter_Redacted

 

22 IC-219405-L7F6 Information Disclosure

 

The below is a copy of my request to Herefordshire Council, which Ms Helen Worth inaccurately copied in her response to the ICO’s Ms Fletcher.

22a Request for missing data 13-04-2022_Redacted

 

Below is a pdf of a spreadsheet of some of the visits to this website by Herefordshire Council from their internet searches and visits to my social media. The council attempted to follow me on social media (contrary to their own policy) which I refused and blocked and made multiple vexatious threats of legal action during the period these dates cover.
It’s evident to me that when the council realised I had blocked their main network they switched to using a VPN service to continue their surveillance of my web presence, social media and the whileincare websites.

23 Hereford Council IP remote access some visits basic info

 

The spreadsheet itself can be downloaded & viewed from the link below and contains referrers of the searches Herefordshire Council staff used.

24 Hereford Council IP remote access some visits basic info

Knowing Herefordshire Council was watching my social media, comments and viewed pages of the website before and during a Court of Protection case also clarifies their staff were wilfully prepared to mislead and deceive the courts.

 

Below is the latest response from the ICO’s Ms Fletcher, again avoiding answering my question as to what further evidence I need to provide regarding their investigation concerning Herefordshire Council’s extensive, no less than six years, of direct monitoring & surveillance of my web presence and social media, and to show they flouted or violated DPA and RIPA.

25 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

If Herefordshire Council haven’t been monitoring my web presence and social media, as declared to the ICO on 12th January 2023, and contrary to factual evidence I provided to the ICO, why did Herefordshire Council staff ask for the latest details regarding my social media in 2021 and continue direct covert monitoring without legal authority while threatening me with legal action?

The answer is they lied to the ICO and are attempting to conceal the truth.
See the below which the ICO has seen a copy of and read.

3. HT monitoring_0014

 

Helen Worth’s declaration to the ICO also conflicts with her statement of 12 January 2023 and the below offer during 2021 of ‘investigation work’, is also conflicts with logs of Herefordshire Council staff’s many visits to my social media and website via the use of a VPN to circumvent the block imposed on Herefordshire Council’s network IP addresses

4. Fancy investigation work_0018

 

Today I emailed the ICO’s Fletcher, asking for a third time, what evidence I need to provide regarding their investigation concerning Herefordshire Council that shows they flouted or violated DPA and RIPA. A copy of that email is below. I suspect they will not tell me what evidence is needed.

27 Your email to the ICO - Case Reference IC-188010-V0J0 1

 

Ten days passed, I didn’t receive a response from Ms Fletcher regarding my third attempt asking what further evidence I needed to provide, mindful of the fact that Ms Fletcher stated she had viewed evidence from Herefordshire Council when a separate SAR to the ICO showed the only ‘evidence’ or rather statement provided by Herefordshire Council was the email from information governance at Herefordshire Council dates 12th January 2023, which I have already posted above.
I next emailed the ICO to request a case review due to the poor handling and disregard of distress caused, as below.

28 Case review and service complaint form_Redacted

 

On 13th April 2023, the day after submitting my request for a review of the case, I received the below email from Ms Fletcher

29 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

On 25th April 2023, I received the below email from Rachel Webster of the ICO, with attached letter of review of the case.

30 Your email to the ICO - Case Reference IC-188010-V0J0_Redacted

 

Below is Ms Webster’s attached outcome letter to me regarding my complaint and the poor investigation by her ICO colleague

30a Case review and service complaint response 25.4.23_Redacted

 

By failing to conduct a thorough investigation, with such apparent bias, and the reviewer of the case ignoring failures and refusing to hold Herefordshire Council to account, I believe the Information Commissioner’s Office has essentially approved that any local council can disregard laws regarding data and the surveillance of any private individual.
The ignorance of the distress, even the harm it causes, and the unrestricted misuse of gathered data, no concern to the ICO regardless of GDPR, DPA or RIPA.

Further, Section 173(3), of The Data Protection Act 2018 makes it an offence to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure to individuals under the subject access provisions. So why did Alison Fletcher & Rachel Webster both disregard this fact and help Herefordshire Council conceal their unlawful spying?

The section of legislation I refer to:
https://www.legislation.gov.uk/ukpga/2018/12/section/173

I recently asked an AI model what it thought the ICO officer Ms Fletcher should have done regarding my email reply to the ICO. This short video was the response to asking the following:

Q. what should the investigating officer do?
The email I gave the AI model: Thank you for your email of 23rd March 2023. Having read communications between yourself and Herefordshire Council, which indicate you take Herefordshire Council’s erroneous statements as truthful and accurate while disregarding factual evidence to the contrary, I ask once again and for a third time, the following:
Please detail what evidence you need regarding the surveillance besides the already provided proof of dates, information of searches, data collection and sharing of my sites content (while blocked) and social media over at least the past five years, and admittance of investigation without lawful authorisation by Herefordshire Council which would as you say ‘categorically indicate’ Herefordshire Council flouted or violated DPA or RIPA.

AI response

 

I recently discovered Herefordshire Council has destroyed some evidence of their activity, but fortunately I have records, including some of theirs.

An update on the 17th of April 2024

Since the above I have been dealing with the case I raised with the Investigatory Powers Tribunal regarding Herefordshire Council’s many visits to this website and social media, while circumventing restrictions and stating they had no authorisation or Court Order, and spent time trying to obtain data logs containing relevant information to my data, website and social media from Herefordshire Council and their proxy/VPN provider, Forcepoint Security.

Forcepoint neglected to forward my Subject Access Request (SAR) to Herefordshire Council and ignored sending me the requested data logs. Therefore, I reported the Forcepoint neglect of GDPR to the ICO.

Below is my correspondence with the Information Commissioner’s Office employee, attempting to request their help in obtaining the requested data I am entitled to, and asking for ICO guidance. Which while the ICO employee forwarded my SAR to Herefordshire Council, they refused to advise or provide guidance. 

Such adversely impacted on the Investigatory Tribunal Case, assisting Herefordshire Council to conceal their actions/inactions and data collection from this website and my social media while circumventing restrictions to do such. To date, and since submitting my SAR in November 2023, neither organisation has complied or provided the requested. 

Email to the ICO - Case Reference IC-286039-W4D1_Redacted

 

Essentially, while this is specific to my case it may help others trying to obtain evidence for lawful purpose or legal redress. I have attempted to explain to the ICO employee the following, without success:

What part of the UK GDPR or Data Protection Act permits a person to have copies of data logs for visits from an organisation to their personal website or social media containing identifiers  linked to the person/data subject?

In my understanding, under the General Data Protection Regulation (GDPR) in the UK a person has the right to request access to personal data that an organisation hold about them.
A Subject Access Request (SAR) allows the person to obtain confirmation as to whether or not personal data concerning them is being processed, If so, access to that personal data and obtaining information about how it is being processed.
Therefore, if an organisation visits a person’s personal website or social media and collects personal data in the process, the individual has the right to request access to that personal data. Such could include data logs of visits to their website or social media profiles.

While there are certain exemptions and limitations to the right, such as when providing access would adversely affect the rights and freedoms of others or when the data contains information about someone else, in most cases, the person has the right to request access to personal data collected about them, including data logs of visits to their online platforms.

In the UK the GDPR is implemented through the Data Protection Act 2018 (DPA), this Act’s supplementation to the GDPR provides additional details and provisions specific to the UK context.
Under the DPA 2018, a person has the right to request access to personal data held by organisations, which includes data logs for visits to personal websites or social media profiles. Such is outlined in Part 2, Chapter 3 of the DPA, which details the right of individuals to access their personal data.
In other words, Section 45(1) of the DPA 2018 gives people a right to obtain their personal information that is being used for a law enforcement purpose.
This right allows people to request a copy of their personal information from the organisation, as well as other supplementary information is usually a SAR.
REF:
https://www.legislation.gov.uk/ukpga/2018/12/section/45
https://www.legislation.gov.uk/ukpga/2018/12/section/167/enacted
https://www.legislation.gov.uk/ukpga/2018/12/part/3/chapter/3
https://www.legislation.gov.uk/ukpga/2018/12/part/2/chapter/3/enacted

So,  while the GDPR provides the encompassing framework for data protection in the UK, the specific legislation that grants individuals the right to access personal data, including data logs, is the DPA 2018. There is also reference I have not included, due to trying to keep this update as short as possible.