I’ve just sent in a Janet Submission to the Ministry of Justice’s Call for Evidence on the EU Data Protection proposals. Our response mentions the good and bad things about the proposal, as discussed here previously, for
- Internet Identifiers: still no clarity on when IP addresses etc. are personal data, but at least more realistic provision for when they are;
- Incident Response: good to have this explicitly recognised as important for protecting privacy and building trust, but some risk that legislation may create barriers to necessary and proportionate sharing of information about incidents;
- Breach Notification: concern that timescales for reporting (and penalties for not meeting them) are unrealistic and may skew incident response priorities;
- Cloud Computing: looks helpful for consumer clouds, but leaves the existing uncertainties for those outsourcing to cloud providers.