A new Opinion on Cloud Computing from the Article 29 Working Party highlights a number of difficulties in applying current data protection law to the cloud computing model and suggests that changes are needed both to cloud contracts and to European law. The main concerns are over lack of control by the client using the […]
Category: Articles
Thoughts on regulatory and ethical issues relating to the use of technology in education and research
Pseudonyms and Data Protection
The Information Commissioner’s consultation on an Anonymisation Code of Practice is mainly concerned with the exchange or publication of datasets derived from personal data. However it once again highlights the long-standing confusion around the treatment of pseudonyms under Data Protection law. A pseudonym is an identifier (often randomly generated) whose value is unique to me, […]
Digital Economy Act Code
Ofcom have at last published the Initial Obligations Code on how ISPs must deal with copyright infringement reports under the Digital Economy Act 2010. The accompanying notes, and in particular Annex 5, provide welcome recognition of the work that is already done by universities and colleges to reduce infringement on the Janet network, as well […]
DNS Logs for Incident Response
A number of talks at the FIRST conference this week have mentioned the value of Domain Name Service (DNS) logs for both detecting and investigating various types of computer misuse: from users accessing unauthorised websites to PCs infected with botnets to targeted theft of information (see, for example, Google’s talk). DNS is sometimes described as […]
One of the perverse effects of the current law on liability of website operators is that it discourages sites from checking comments and posts provided by others. Instead the law encourages the operator to do nothing until they receive a complaint. Earlier this week the House of Commons Select Committee considered whether an amendment was […]
The 21st June sitting of the Commons Defamation Bill Committee provided some hints at answers to my questions about the Bill’s definitions and process. On the question of who will be a “website operator”, able to benefit from the new defences, the Minister suggested this should be left to the courts, who can adapt to […]
Defamation Bill Second Reading
The Defamation Bill had its second reading in the House of Commons on Tuesday. Most of the MPs who talked about the new defences for website operators (clause 5 of the Bill) seemed to appreciate the complex balance between protecting reputation and protecting free speech, and agreed with the Justice Secretary: our current libel regime […]
Under current defamation law, if a website wants to avoid all risk of liability for material posted by third parties then its best approach is to not moderate postings when they are made, and remove them promptly when any complaint is made. As I’ve pointed out in various responses to consultations (and as now seems […]
Draft EU Regulation on eIdentities
The European Commission have proposed a draft eIdentity Regulation, to replace the current eSignatures Directive (99/93/EC). While the proposal is mostly concerned with inter-operability of national electronic IDs and improving the legal significance of digital signatures, timestamps, documents, etc. there are also some new requirements on “trust service providers”. According to Article 3(12), Trust Services […]
Choosing the Right Identifier
In discussing a legal framework for federated access management we’ve concluded that the right approach to use as a basis for exchanging attributes is that a particular attribute is “necessary” to provide a service. That implies both that service providers shouldn’t ask for attributes they don’t need, and also that where there is a choice […]