Categories
Articles

How to become an expert phish-spotter

We’ve all been trained how to spot phishing emails: check the sender address, hover over links to see where they go, etc. But that’s a lot of work and mental effort. And, given that most emails aren’t phish, almost all wasted. So can we do it better? A fascinating paper by Rick Wash looked at […]

Categories
Peacasts

Thinking (using COVID-19) about location data

During the pandemic, a lot of ideas have come up – not just contact tracing! – where useful information might be derived from location data. It struck me that a selection of those might be an interesting illustration of how intrusiveness isn’t just about the data we use, but what we use it for. Here’s […]

Categories
Articles

Sandbox Tales: Public Interest and Privacy Notices

The latest report on ICO sandbox participation contains a rapid pivot, and some useful discussion of the “public interest” justification for processing. Back in mid-2019, NHS Digital was awarded a sandbox place for a system for recruiting volunteers into clinical trials (the actual conduct of trials is out of scope). A few months into 2020 […]

Categories
Articles

Online Harms White Paper

Tertiary educational institutions have a very specific role in promoting free speech, whether verbal, in writing or on-line. This is set out in general in the Education (No.2) Act 1986, with specific limitations – monitored by the sector regulators – to manage the risk of radicalisation in the Counter-Terrorism and Security Act 2015 and, for […]

Categories
Articles

Internet Regulation – the long view

[UPDATE] Recordings from the event are now available David Clark of MIT is one of the best people to take a long view of the Internet: he has been working on it since the 1970s. So his suggestion – in a Weizenbaum Institute Symposium yesterday – that the 2020s may see as dramatic a change […]

Categories
Articles

Schrems II: EDPB draft Guidance on exporting personal data

The European Data Protection Board (the gathering of all EU Data Protection Regulators) has now published its initial guidance on transfers out of the EEA following the Schrems II case. This recommends that exporting organisations follow a similar roadmap to the earlier one from the European Data Protection Supervisor (who regulates the EU institutions). In […]