Feedback and performance review are routine parts of many employment relationships. So it’s surprising to find that they take us into obscure corners of data protection law. Regulators have been clear for more than a decade that an opinion about someone is personal data, but there has been much less exploration of the fact that […]
Category: Articles
Thoughts on regulatory and ethical issues relating to the use of technology in education and research
Categories
Data Breaches: assessing risk
Under the GDPR’s breach notification rules, it’s essential to be able to quickly assess the level of risk that a security breach presents to individual data subjects. Any breach that is likely to result in a risk to the rights and freedoms of natural persons must be reported to the relevant data protection authority, with […]
Categories
Consent: control or formality?
More than a decade ago, European data protection regulators identified the problem of “consent fatigue”, where website users were overwhelmed with multiple requests to give consent for processing of their personal data. In theory, responding to those requests let individuals exercise control but, in practice, it seemed more likely that they were just clicking whatever […]
Categories
DPbD: does it matter what it stands for?
Terminology matters. OK, you’d expect me to say that, as a sometime mathematician, engineer and lawyer. But the importance to all of us is highlighted by a confusing tangle of terminology that has grown out of Ann Cavoukian’s original idea of “Privacy by Design”. That phrase was introduced in 1995 – just too late to […]
A few years ago I wrote a post on how the GDPR copes with situations when there was a conflict between the obligation to prevent, detect and investigate incidents and the obligation to inform all those whose personal data you process. Do you, for example, need to inform someone who is attacking your systems that […]
Categories
Digital Qualifications and GDPR
Over the past decade or more, we’ve developed federated access management as a technical, policy and legal framework to exchange up-to-date information to help current staff and students access the resources they need. Authentication, status and membership information all need to be fresh to be useful and frequent use makes it worth organisations entering into […]
Categories
What Happens in VR…?
A colleague spotted an article suggesting, among other things, that Virtual Reality could provide a safe space for students to practice their soft skills. This can, of course, be done by classroom roleplay but the possibility of making mistakes that fellow students will remember could well increase stress. This certainly chimes with feedback I received […]
Categories
Srry, you woke me…
Recently I was in a video-conference where Apple’s “smart” assistant kept popping up on the presenter’s shared screen. Another delegate realised this happened whenever the word “theory” was spoken. It’s close… These events – which I refer to as “false-wakes” – are privacy risk: maybe small, but that depends very much on the nature of […]
Categories
ePrivacy Regulation: one step closer
[Update (Nov’21): I’ve discovered that Patrick Breyer MEP has published a “parallel text” of the three current proposals (Commission, Parliament and Council). Not exactly easy reading, but it makes it much easier to see where they are similar, and where there remain significant differences] [Original (Feb’21) post…] After four years, and nearly three years after […]
Categories
Is “AI bias” an excuse?
Something made me uneasy when a colleague recently referred to “AI bias”. I think that’s because it doesn’t mention the actual source of such bias: humans! AI may expand and expose that bias, but it can’t do that unless we give it the seed. That’s rarely deliberate: we might treat it as a result of […]