Categories
Closed Consultations

Privacy online: is a separate Directive still needed?

Now that the General Data Protection Regulation has been completed, the European Commission is reviewing the ePrivacy Directive. This law was introduced in 2002 as part of the telecommunications framework, and it was recognised at the time that it was likely to be largely replaced by a future general privacy law. That has taken longer […]

Categories
Articles

Wifi location data

More than a decade ago the e-Privacy Directive mentioned “location data” in the context of telecommunications services. At the time that was almost entirely about mobile phone locations – data processed by just a handful of network providers – but nowadays many more organisations are able to gather location data about wifi-enabled devices in range […]

Categories
Articles

GDPR – the final text?

The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission’s “lawyer-linguists” to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the […]

Categories
Presentations

Sharing Information to Protect Privacy

I was invited to give a presentation on legal and ethical issues around information sharing at TERENA’s recent security services workshop. The talk highlighted the paradox that sharing information is essential to protect the privacy of our users when their accounts or computers have been compromised, but that sharing can also harm privacy if it’s […]

Categories
Articles

Incident Response and the Law

At the FIRST conference this week I’ve heard depressingly many incident responders saying “our lawyers won’t let us…”. Since incident response, done right, should actually support the law’s objectives, it seems we need to be smarter, and maybe a bit more assertive, about explaining how incident response and law interact. The laws most relevant to […]

Categories
Articles

Bins, MACs and Privacy Law

A recent news story reported that a small number of litter bins in London were collecting a unique identifier from passing mobile phones and using these for some sort of “footfall analysis”. There doesn’t seem to be much detail about the plans: it struck me that a helpful application could perhaps be look for the […]

Categories
Articles

Sharing to Win Privacy

The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, […]

Categories
Articles

Can Internet Stability be Regulated?

A wide-ranging panel discussion at the TERENA Networking Conference considered the stability of the Internet routing system at all levels from technology to regulation. The conclusion seemed to be that at the moment the Internet is stable because two systems, technical and human, compensate effectively for each others’ failings. While improvements to increase stability may […]

Categories
Articles

Privacy, Regulation and Innovation

Robin Wilton of the Internet Society gave a talk at the TERENA Networking Conference on the interaction between privacy, regulation, and innovation. It’s a commonly heard claim that regulation stifles innovation; yet the evidence of premium rate phone fraud and other more or less criminal activities suggests that regulation can, in fact, stimulate innovation, though […]

Categories
Articles

ICC Cookie Guide updates

The International Chamber of Commerce has published a revised version of its Cookie Guide, reflecting the new information that has been produced by the Information Commissioner and Article 29 Working Party since the original version last April. There are relatively few changes to the existing text, in particular the four ICC categories of cookie remain […]