Categories
Articles

Clouds and Law: Work to Do

A new Opinion on Cloud Computing from the Article 29 Working Party highlights a number of difficulties in applying current data protection law to the cloud computing model and suggests that changes are needed both to cloud contracts and to European law. The main concerns are over lack of control by the client using the […]

Categories
Articles

Pseudonyms and Data Protection

The Information Commissioner’s consultation on an Anonymisation Code of Practice is mainly concerned with the exchange or publication of datasets derived from personal data. However it once again highlights the long-standing confusion around the treatment of pseudonyms under Data Protection law. A pseudonym is an identifier (often randomly generated) whose value is unique to me, […]

Categories
Articles

Digital Economy Act Code

Ofcom have at last published the Initial Obligations Code on how ISPs must deal with copyright infringement reports under the Digital Economy Act 2010. The accompanying notes, and in particular Annex 5, provide welcome recognition of the work that is already done by universities and colleges to reduce infringement on the Janet network, as well […]

Categories
Articles

DNS Logs for Incident Response

A number of talks at the FIRST conference this week have mentioned the value of Domain Name Service (DNS) logs for both detecting and investigating various types of computer misuse: from users accessing unauthorised websites to PCs infected with botnets to targeted theft of information (see, for example, Google’s talk). DNS is sometimes described as […]

Categories
Articles

Defamation Bill – Committee Discusses Moderation

One of the perverse effects of the current law on liability of website operators is that it discourages sites from checking comments and posts provided by others. Instead the law encourages the operator to do nothing until they receive a complaint. Earlier this week the House of Commons Select Committee considered whether an amendment was […]

Categories
Articles

Defamation Bill – Hints at Definitions and Processes

The 21st June sitting of the Commons Defamation Bill Committee provided some hints at answers to my questions about the Bill’s definitions and process. On the question of who will be a “website operator”, able to benefit from the new defences, the Minister suggested this should be left to the courts, who can adapt to […]

Categories
Articles

Defamation Bill Second Reading

The Defamation Bill had its second reading in the House of Commons on Tuesday. Most of the MPs who talked about the new defences for website operators (clause 5 of the Bill) seemed to appreciate the complex balance between protecting reputation and protecting free speech, and agreed with the Justice Secretary: our current libel regime […]

Categories
Articles

Defamation Bill – New Options for Websites?

Under current defamation law, if a website wants to avoid all risk of liability for material posted by third parties then its best approach is to not moderate postings when they are made, and remove them promptly when any complaint is made. As I’ve pointed out in various responses to consultations (and as now seems […]

Categories
Articles

Draft EU Regulation on eIdentities

The European Commission have proposed a draft eIdentity Regulation, to replace the current eSignatures Directive (99/93/EC). While the proposal is mostly concerned with inter-operability of national electronic IDs and improving the legal significance of digital signatures, timestamps, documents, etc. there are also some new requirements on “trust service providers”. According to Article 3(12), Trust Services […]

Categories
Articles

Choosing the Right Identifier

In discussing a legal framework for federated access management we’ve concluded that the right approach to use as a basis for exchanging attributes is that a particular attribute is “necessary” to provide a service. That implies both that service providers shouldn’t ask for attributes they don’t need, and also that where there is a choice […]