“Big Data” has – often rightly – had a bad press. Is there a better way to think about it? Starting from potential benefits and discussing how they might be achieved should help us choose the right outcomes to aim for when using data, make it more likely that those aims will be delivered, and […]
Author: Andrew Cormack
I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!
Adequacy Shanty
Inspired by Gavin Freeguard’s National Data Strategy Sea-Shanty, and in homage to the shanty-makers (I’ve worked the North Atlantic on small ships), here’s my “Adequacy Shanty”… Farewell and adieu to you, fair Spanish data, Farewell and adieu to you data of Spain, For our UK law may be judg-ed inadequate, And we may never see […]
It seems easy to come up with new ways we might re-use data we already have. But harder to work out, in advance, whether an idea is likely to be perceived as unethical, intrusive, or just creepy. In a recent paper – “Between the Devil and the Deep Blue Sea (of Data)” – I explored […]
Thinking with GDPR
[Based on a presentation for the NISO Plus conference, February 22-25, 2021] One thing it seems everyone knows about Europe is that we have a strong privacy law: the General Data Protection Regulation, or GDPR. In this talk I’d like to get you viewing that not just as a law, but as a really useful […]
Using Social Media: is it ethical?
In a chat at the DataMatters conference I was asked about the ethics of universities and colleges using social media providers to contact students. In breaking down that question, I think it illustrates a continuum: the more we interfere with individuals’ own choices of what and how to use, the more thinking we need to […]
WHOIS access and the NIS2 Directive
The European Commission’s proposed update of the Network and Information Security Directive may revive discussions about access to WHOIS data. When a domain name is registered, contact details are typically requested for various purposes, including billing, administrative and technical questions. For most of the history of the DNS this ‘WHOIS’ data – including names, postal […]
How to become an expert phish-spotter
We’ve all been trained how to spot phishing emails: check the sender address, hover over links to see where they go, etc. But that’s a lot of work and mental effort. And, given that most emails aren’t phish, almost all wasted. So can we do it better? A fascinating paper by Rick Wash looked at […]
During the pandemic, a lot of ideas have come up – not just contact tracing! – where useful information might be derived from location data. It struck me that a selection of those might be an interesting illustration of how intrusiveness isn’t just about the data we use, but what we use it for. Here’s […]
The latest report on ICO sandbox participation contains a rapid pivot, and some useful discussion of the “public interest” justification for processing. Back in mid-2019, NHS Digital was awarded a sandbox place for a system for recruiting volunteers into clinical trials (the actual conduct of trials is out of scope). A few months into 2020 […]
Online Harms White Paper
Tertiary educational institutions have a very specific role in promoting free speech, whether verbal, in writing or on-line. This is set out in general in the Education (No.2) Act 1986, with specific limitations – monitored by the sector regulators – to manage the risk of radicalisation in the Counter-Terrorism and Security Act 2015 and, for […]