Organisations connecting to Janet are required to implement three policies: the Eligibility Policy determines who may be given access to the network; the Security Policy sets out responsibilities for protecting the security of the network and its users; the Acceptable Use Policy identifies a small number of activities that are not permitted on the network. […]
Recently I’ve been doing some work with Niall Sclater on how education organisations might inform students about the use of learning analytics, and when they might seek students’ consent. The resulting blog post is at https://analytics.jiscinvolve.org/wp/2017/02/16/consent-for-learning-analytics-some-practical-guidance-for-institutions/
These are Jisc’s comments on the Article 29 Working Party’s Guidelines on the Right to Data Portability (WP242). Jisc is the UK’s expert body for digital technology and digital resources in higher education, further education and research. Since its foundation in the early 1990s, Jisc has played a pivotal role in the adoption of information […]
Last October the European Court of Justice confirmed that websites do have a legitimate interest in security that may justify the processing of personal data. That case (Breyer) overruled a German law that said websites could only process personal data for the purpose of delivering the pages requested by users. As far as I know, […]
[UPDATE: I’ve added links to the Codes of Practice that authorities will use when preparing each of the orders] Under the current Regulation of Investigatory Powers Act 2000 (RIPA), organisations that operate their own private computer networks may receive three different orders relating to those systems. Any organisation that receives an order is, subject to […]
At the request of the Research Councils UK e-Infrastructure group, Janet established a working group from 2013-2016 to support those providing and using e-infrastructure services in achieving an approach that both protects services from threats and is usable by practitioners. More detail about the group can be found in the Terms of Reference. The Working […]
While some e-infrastructures included accounting in their design and operations from the start, others are now being asked or required to add accounting support to their existing systems. Typically accounting forms part of a relationship between the infrastructure and some other organisation – perhaps a funder, host or customer – rather than the infrastructure’s relationship […]
[Update: Jisc has responded to the Working Party’s invitation to comment on these guidelines] The General Data Protection Regulation contains one new right for individuals – data portability (Article 20). Some commentators have suggested that this is just a digital form of the existing subject access right, but the Article 29 Working Party’s new guidance […]
After (too) many years, I’ve turned the ideas from my original TF-CSIRT documents into a formal academic paper, which has just been published in the open access law journal, SCRIPTed: Andrew Cormack, “Incident Response: Protecting Individual Rights Under the General Data Protection Regulation”, (2016) 13:3 SCRIPTed 258 https://script-ed.org/?p=3180 The new General Data Protection Regulation provides […]
The European Commission recently published wide proposals to reform copyright law. One particular concern is that the proposals appear to reduce the existing legal protections for sites that host third party content. Under the current e-Commerce Directive, such sites are generally protected from liability until they are informed of allegedly infringing content (Article 14), and […]