Categories
Articles

Article 29 Working Party hints at new approach to Cloud

The Article 29 Working Party have published an interesting toolbox for Binding Corporate Rules (BCR) for Data Processors. BCRs for Data Controllers have been suggested for some time as a way that large multi-national companies can comply with European Data Protection law. By having its internal rules for handling personal data approved as compliant with […]

Categories
Articles

Processing personal data for third party interests

An interesting reminder from the European Court of Justice (ECJ) that the Data Protection Directive (95/46/EC) is supposed to make processing and exchanging personal data easier as well as safer. The Directive contains a number of different reasons justifying processing of personal data (gathered together as Schedule 2 of the UK Data Protection Act 1998), […]

Categories
Articles

The Definition of Consent

Although consent is a key concept in Data Protection, discussions of it often seem confused and legal interpretations inconsistent. For example the European Commission has in the past called both for a crackdown on the over-use of consent and for all processing of personal data to be based on consent! A new Opinion on the […]

Categories
Articles

Privacy Riskiness for Access Management

On a privacy course I teach for system and network managers I suggest a scale of “privacy riskiness”, the idea there being that if you can achieve an objective using information from lower down the scale then you run less risk of upsetting your users and/or being challenged under privacy law. That scale is very […]

Categories
Articles

Personal Data – yet another contradictory decision

For a while there has been one pair of contradictory answers to the question of whether an IP address was personal data. Two different German courts were asked about addresses in the log of a web server: one said that was personal data, the other said it wasn’t. Now we seem to have another pair. […]