Categories
Articles

Explaining Network Telemetry

A really interesting series of talks on how to gather and share information about the performance of networks at today’s GEANT Telemetry and Data Workshop. One of the most positive things was a clear awareness that this information can be sensitive both to individuals and to connected organisations. So, as the last speaker, I decided […]

Categories
Articles

Right to Object: Public Interest Processing

GDPR Article 21 provides a “right to object” whenever personal data are processed based on either Legitimate Interests or Public Interests. In both cases, an individual can highlight “grounds relating to his or her personal situation” and require the data controller to consider whether there remain “compelling legitimate grounds for the processing which override the […]

Categories
Articles

Right to Object: an Opportunity to Improve?

I was invited to contribute to a seminar on the Right to Object (RtO). Normally this GDPR provision is seen as a way to prevent harm to a particular individual because of their special circumstances. But I wondered whether data controllers could also use the RtO process as an opportunity to review whether their processing […]

Categories
Articles

Online Safety Bill – Outsourced Platforms

When the Government first announced plans to regulate online discussion platforms I wondered whether small organisations would be able to outsource the compliance burden to a provider better equipped to deliver rapid and effective response. Clause 180(2) of the Online Safety Bill suggests the answer is yes: The provider of a user-to-user service is to […]

Categories
Articles

Online Safety Bill – Educational Institutions

[21/6: Added more examples of public engagement] [22/3: Updated analysis of why read-only access fits within the para 8 exemption] The Government has now published its Online Safety Bill: the text that will be debated, and no doubt amended, in Parliament. Compared to last summer’s draft, this is somewhat clearer on whether platforms operated by […]

Categories
Presentations

What’s the Role of Technology in Assessment?

[Script for a presentation at a recent Westminster Education Forum event…] Back in February 2020 we knew what assessment looked like. Jisc had just published “The Future of Assessment”, setting five targets – Authentic, Accessible, Appropriately Automated, Continuous, and Secure – to aim for by 2025. Then COVID made us all look at assessment through […]

Categories
Articles

Voice Processing: opportunities and controls

We’ve been talking to computers for a surprisingly long time. Can you even remember when a phone menu first misunderstand your accent? Obviously there have been visible (and audible) advances in technology since then: voice assistants are increasingly embedded parts of our lives. A talk by Joseph Turow to the Privacy and Identity Lab (a […]

Categories
Articles

Information sharing, trust, and more…

Using and sharing information can create benefits, but can also cause harm. Trust can be an amplifier in both directions: with potential to increase benefit and to increase harm. If your data, purposes and systems are trusted – by individuals, partners and society – then you are likely to be offered more data. By choosing […]

Categories
Articles

Managing the risks of Subject Access

My LLM dissertation (published ($$) in 2016 as “Is the Subject Access Right Now Too Great a Threat to Privacy?”) discussed the challenge of reliably identifying a data subject who you only know through pseudonymous digital channels or identifiers. Others have conducted practical experiments, finding that it would, indeed, be relatively easy to use GDPR […]

Categories
Articles

Automating Digital Infrastructures

Most of our digital infrastructures rely on automation to function smoothly. Cloud services adjust automatically to changes in demand; firewalls detect when networks are under attack and automatically try to pick out good traffic from bad. Automation adjusts faster and on a broader scale than humans. That has advantages: when Jisc’s CSIRT responded manually to […]