Categories
Articles

Online Safety Bill: effect on small services

Over the past few months there has been a lot of discussion of the impact of the Government’s Online Safety Bill on large providers. Ofcom’s July 2022 Implementation Roadmap (p5) estimates that there are 30-40 of those, to be covered by Categories 1, 2a and 2b. However the roadmap mentions a further 25000 UK services […]

Categories
Articles

NIS 2 Directive: cybersecurity improvement for all

The final text of the revised European Network and Information Security Directive (NIS 2 Directive) has now been published. This doesn’t formally apply in the UK, but does have some helpful comments on using data protection law to support network and information security. I’ve blogged about these previously but, since the final version significantly changes […]

Categories
Articles

EU AI Act: scope of “education”

The European legislative process on Artificial Intelligence has moved on one step with the Council of Ministers (representatives of national governments) agreeing on their response to the text proposed by the European Commission last year. The main focus of the proposed law is makers of products that use “AI”: where these are designed for a […]

Categories
Articles

Machine Learning for Marking Support

One promising application of Machine Learning in education is marking support. Colleagues in Jisc’s National Centre for AI have identified several products that implement a similar process, where a program “watches” a human marking assessments, learns in real time, and suggests how the quality and consistency of marking can be maintained or even improved. This […]

Categories
Articles

Musing on Federated Platform Regulation

The recent increased awareness of federated social networks has produced some discussion about their status under new “platform regulation” laws, such as the UK Online Safety Bill. Most of this has focussed on whether federated instances might be covered by legislation and, if so, what their operators’ responsibilities are. But this post uses them as […]

Categories
Articles

ECJ: Legitimate Interest in accessing registries

European Data Protection Regulators have been expressing their concerns for nearly twenty years about public records of domain name ownership (commonly referred to as WHOIS data). A recent case (C37-20) on public records of company ownership (required under money-laundering legislation) suggests that the European Court of Justice would have similar doubts. But its comments on […]

Categories
Articles

Measuring Student Workloads

Discussions of student wellbeing tend to focus on providing individual support for those who are struggling to cope. That’s great, but likely to demand a lot of skilled staff time. A few years ago Bangor University investigated whether the university might be contributing to stress through excessive or spiky workloads. Addressing causes of stress would, […]

Categories
Articles

Volunteers and Consent

I’ve read two documents this week – one academic paper and one guide from the Information Commissioner – pointing out that just because someone chooses to participate in an activity doesn’t mean that Consent is the appropriate legal basis for processing their personal data. There might be several reasons for that… First, if the nature […]

Categories
Articles

Thinking about automation: DDoS protection

One of the major causes of disruption on the Internet is Distributed Denial of Service (DDoS) attacks. Unlike “hacking”, these don’t require there to be any security weakness in the target system: they simply aim to overload it with more traffic than it (or its network connection) can handle. Often such attacks are launched from […]

Categories
Articles

Europe Wants Patches

The Proposal for a Regulation on Cybersecurity Requirements, recently published by the European Commission, significantly raises the profile of software vulnerabilities and processes for dealing with them after a product is delivered. The Regulation on Digital Resilience in the Financial Sector (DORA), proposed in 2020 and likely to become law shortly, does require organisations to […]