As part of Jisc’s exploration of Artificial Intelligence, we’ve created a free “mini-MOOC” (mini, because you should be able to complete it in 30 minutes, or longer if you do the additional reading). We’re planning to run it monthly, but you can sign up any time for the next run. The course, and the format […]
BEREC, the board of European Telecoms Regulators, has just published its updated guidance on enforcing the Network Neutrality Regulation. Jisc has been working with the Forum of Incident Response and Security Teams (FIRST) for nearly five years to ensure that this legislation and guidance didn’t discourage legitimate practices to secure the operation of networks: this […]
Might some of the problems in applying data protection law to machine learning arise because we’re using too simple a model? Sometimes an over-simplified model can be hard to apply in practice. So here’s a model that’s a bit more complex but, I hope, a lot easier to apply. It’s also a lot more informative, […]
We’re delighted to have launched our Wellbeing Analytics Code of Practice, something we’ve been working on in the ICO’s Regulatory Sandbox for almost exactly a year. The resulting Code builds on Jisc’s widely-used Learning Analytics Code of Practice and includes tools for Data Protection Impact Assessment and Purpose Compatibility assessment. We hope it will give […]
A couple of new documents provide ideas on how to think about ethics when we deploy Artificial Intelligence. First is an article by Linda Thornton for EDUCAUSE, on Artificial Intelligence and Ethical Accountability. This looks at who should be thinking ethically, finding responsibilities for programmers, managers, marketers, salespeople and organisations that implement AI. Since this […]
Great to have my paper – “Processing Data to Protect Data: Resolving the Breach Detection Paradox” – published by ScriptEd. Everything you always wanted to know about logfiles and the GDPR: Why Data Protection requires breach detection; What’s the GDPR “Purpose” of breach detection; What’s “Necessary”, when it comes to breach detection; What Safeguards are […]
The recent Schrems II decision on Standard Contractual Clauses found that, in some situations, data exporters and importers might need to agree additional measures beyond just relying on SCCs. While we’re waiting for the Information Commissioner and EDPB to give more detailed advice on which situations and which measures, here are some themes I’ve spotted […]
[UPDATE 27/7/20: the ICO has now published a statement on the decision] On July 16th 2020, the European Court of Justice made its long-awaited decision in the case of Data Protection Commissioner [Ireland] v Facebook Ireland Ltd and Maximillian Schrems, generally known as “Schrems II”. This concerned two of the GDPR’s mechanisms for transferring personal […]
[Update: a recording of my talk is now available] When I submitted my proposal for a talk at the EUNIS 2020 conference, I was planning to talk about the need to work with staff and students to agree why and how to use intelligent campus sensors and data. That was intended to be looking into […]
It seems a long time since I wrote about the ePrivacy Regulation. This was supposed to come into force alongside the GDPR, back in May 2018, and provide specific guidance on its application to the communications sector. You may remember it as “Cookie law”, though it was never just that. Unfortunately its scope grew and, […]