An interesting query arrived about when to advertise role-based, rather than individual, e-mail addresses. Do role-based ones feel too impersonal, for example, because senders don’t know who they are dealing with? I’ve been recommending the benefits of role-based e-mail addresses, such as firstname.lastname@example.org for a long time. From a legal point of view they avoid […]
A question recently arose about monitoring students’ attendance at lectures and tutorials, and how this fitted into data protection law. Since the main purpose of such monitoring seems to be to identify and assist students who don’t attend, and whose presence is therefore not recorded or processed, there seem to be a number of both […]
I was interested to spot that the Article 29 Working Party visited the question of “public authorities” back in 2014, on page 23 of their Opinion on Legitimate Interests. There they note that there are two possible interpretations of the (then draft) General Data Protection Regulation’s (GDPR) rule that public authorities may not use legitimate […]
To mark one year to go till the General Data Protection Regulation comes into force, we’ve published an article on “How Universities and Colleges Should be Preparing for New Data Regulations” on the Jisc website.