Thoughts on regulatory and ethical issues relating to the use of technology in education and research
I’ve been reading about Slow Computing and the need for ‘digital forgetting’. But, unlike the GDPR Right to Erasure, human forgetting isn’t clean: more often involving uncertainty rather than simple elimination. That leaves our database in a different state: whereas digital erasure has no effect on the records that remain, much of our human memory […]
Feedback and performance review are routine parts of many employment relationships. So it’s surprising to find that they take us into obscure corners of data protection law. Regulators have been clear for more than a decade that an opinion about someone is personal data, but there has been much less exploration of the fact that […]
Under the GDPR’s breach notification rules, it’s essential to be able to quickly assess the level of risk that a security breach presents to individual data subjects. Any breach that is likely to result in a risk to the rights and freedoms of natural persons must be reported to the relevant data protection authority, with […]
More than a decade ago, European data protection regulators identified the problem of “consent fatigue”, where website users were overwhelmed with multiple requests to give consent for processing of their personal data. In theory, responding to those requests let individuals exercise control but, in practice, it seemed more likely that they were just clicking whatever […]
Terminology matters. OK, you’d expect me to say that, as a sometime mathematician, engineer and lawyer. But the importance to all of us is highlighted by a confusing tangle of terminology that has grown out of Ann Cavoukian’s original idea of “Privacy by Design”. That phrase was introduced in 1995 – just too late to […]
A few years ago I wrote a post on how the GDPR copes with situations when there was a conflict between the obligation to prevent, detect and investigate incidents and the obligation to inform all those whose personal data you process. Do you, for example, need to inform someone who is attacking your systems that […]
Over the past decade or more, we’ve developed federated access management as a technical, policy and legal framework to exchange up-to-date information to help current staff and students access the resources they need. Authentication, status and membership information all need to be fresh to be useful and frequent use makes it worth organisations entering into […]
A colleague spotted an article suggesting, among other things, that Virtual Reality could provide a safe space for students to practice their soft skills. This can, of course, be done by classroom roleplay but the possibility of making mistakes that fellow students will remember could well increase stress. This certainly chimes with feedback I received […]
Recently I was in a video-conference where Apple’s “smart” assistant kept popping up on the presenter’s shared screen. Another delegate realised this happened whenever the word “theory” was spoken. It’s close… These events – which I refer to as “false-wakes” – are privacy risk: maybe small, but that depends very much on the nature of […]
[Update (Nov’21): I’ve discovered that Patrick Breyer MEP has published a “parallel text” of the three current proposals (Commission, Parliament and Council). Not exactly easy reading, but it makes it much easier to see where they are similar, and where there remain significant differences] [Original (Feb’21) post…] After four years, and nearly three years after […]