Categories
Articles

Privacy Riskiness for Access Management

On a privacy course I teach for system and network managers I suggest a scale of “privacy riskiness”, the idea there being that if you can achieve an objective using information from lower down the scale then you run less risk of upsetting your users and/or being challenged under privacy law. That scale is very […]

Categories
Articles

Explaining Attribute Release

Federated access management can make things nice and simple for both the user and the service they are accessing. By logging in to their home organisation the user can have that organisation release relevant information to the service – “I am a student”, “this is my e-mail address” and so on. And because that information […]

Categories
Articles

MoJ Data Protection Response

An interesting morning yesterday at the launch of the Ministry of Justice’s Response to the Call for Evidence on the Current Data Protection Legislative Framework. JANET’s evidence focussed on the difficulties of applying data protection law to the Internet: the current law has proved unclear on the status of IP addresses and similar pseudonymous identifiers, […]

Categories
Articles

Data Protection Directive Meeting

I had an interesting day in Brussels yesterday, providing input for the Commission’s revision of the 1995 Data Protection Directive. Invitations had been sent to those who responded to the consultation last year, so a wide variety of organisations were present, including banking, marketing, medical, consumer rights, content industries and telecommunications operators. There was general […]

Categories
Presentations

Pseudonymous Identifiers and the Law

For a while I’ve been trying to understand how pseudonymous identifiers, such as IP addresses and the TargetedID value used in Federated Access Management, fit into privacy law. In most cases the organisation that issues such identifiers can link them to the people who use them, but other organisations who receive the identifiers can’t. Indeed […]

Categories
Closed Consultations

EC Consultation on personal data law

The Commission have been running a consultation for several months to inform a possible revision of the Data Protection Directive (95/46/EC), which is now fifteen years old and starting to creak under the strain of new ways of doing business. I’ve sent in a JANET(UK) response raising issues we’ve tripped over in developing the UK […]