The latest reports from the ICO sandbox provide important clarification of how data protection law applies to, and can guide, the application of novel technologies. This post looks at machine learning… Onfido’s engagement looked at how to train and review the performance of machine learning models. In thinking about that I’d concluded that the GDPR […]
Author: Andrew Cormack
I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!
The European Data Protection Supervisor (EDPS) has responded to the Schrems II judgment with a risk-based roadmap for EU institutions: Perform an inventory of all flows of personal data to entities outside the EU; Priority for change will be existing transfers with either no legal basis, those based on a derogation, and those to organisations […]
Working with non-human intelligence
Today’s expert panel on Data Ethics took a fascinating turn: to consider what a healthy relationship between human and AI would look like. Although we tend to discuss characteristics and affordances of technology, proper use of technology depends on the human side of the partnership, too. When choosing or using any tool that uses AI, […]
Care with “Ethics”
I was invited to be a “catalyst” or “provocateur” for a discussion on Data Ethics, hosted by the Institute for the Ethics of AI in Education. Here goes… This has definitely been my “summer of Ethics”: I’ve read, listened, discussed and learned a lot. Mostly good, but here are four tendencies that concern me. Don’t […]
This morning’s discussion – jointly hosted by the All-Party Parliamentary Groups on Data Analytics and Health – suggested that if we want uses of health data to be trusted, we need to trust citizens and patients to think more deeply about benefits and risks than media headlines might suggest. The session was inspired by a […]
Assessing our security services
Jisc performs a number of different activities to keep Janet and customer sites secure. Here’s a very short video on how we used a Data Protection Impact Assessment and a Legitimate Interests Assessment to check that those activities do not themselves create disproportionate risks. You can read the reports: Security Operations Centre (SOC): Data Protection Impact […]
Since it has provided the foundation for most of the work I’ve been doing on data for the past couple of years, I’ve recorded a video explaining our standard model for “analytics”, in both practical and legal terms If you’d like to know more, a couple of papers set out the theory Downstream Consent: a […]
Where should I put my data?
After a couple of years when the question of data location had dropped a little down the priority list, two things have pushed it back up again. First, the Schrems II decision of the European Court, which cancelled the US-EU Privacy Shield and added some – but it’s not yet clear how onerous – new […]
AI: thinking about definitions…
To ensure a lively discussion at a recent round-table on AI Ethics participants were asked, provocatively, “was the A Level algorithm fair?”. OK, I can be provoked… It depends on what you mean by “fair”… As has been widely discussed, the main objective set for those who designed the algorithm seems to have been to […]
Incident Response and Law
On and off, I’ve been researching the legal aspects of incident detection and response for fifteen years, and published more than 25000 words in law journals. So, can that be summarised in less than five minutes? You judge… And if you’d like to read more, here are the original papers: Processing Data to Protect Data: […]