Categories
Articles

ECJ on Copyright Injunctions: Hosting Providers

After ruling last year on the balance between the rights of copyright holders, users and network providers, the European Court of Justice has now ruled on the same question applied to the case of a hosting provider, the social network Netlog. As in the earlier Scarlett case, the copyright collecting society (SABAM) had asked the […]

Categories
Articles

Understanding Threats to Mobile Computing

An interesting talk by Ken van Wyk on threats to mobile devices at the FIRST/TF-CSIRT meeting last week. While it’s tempting to treat smartphones just as small-screen laptops (let’s face it, users do!) there are significant differences in the threats to which the two types of devices are exposed. These need to be recognised in […]

Categories
Articles

Data Protection Proposal: Federated Access Management

The European Commission’s proposed Data Protection Regulation supports recent thinking in moving away from using consent as a basis for federated access management systems. The consent of the data subject is still one of the legitimate grounds for processing personal data but it cannot be used “where there is a significant imbalance” between the organisation […]

Categories
Articles

Data Protection Proposal: Privacy Breaches

In dealing with breaches of privacy the Commission’s enthusiasm to protect and reassure Internet users seems to run the risk of having the opposite effect. Article 4(9) of the proposed Regulation defines ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, […]

Categories
Articles

Data Protection Proposal: Cloud Computing

Cloud computing, whose whole point is to be independent of geography, does not fit comfortably into current data protection law. The Commission’s new proposal at least shows signs that clouds were a use case that was considered during drafting, so it is more obvious which provisions apply to them. These seem to offer a mixture […]

Categories
Articles

Data Protection Proposal: Incident Response

The Commission’s proposed Data Protection Regulation seems very positive for Incident Response. Indeed Recital 39 explicitly supports the work of Incident Response Teams: The processing of data to the extent strictly necessary for the purposes of ensuring network and information security … by public authorities, Computer Emergency Response Teams … providers of electronic communications networks […]

Categories
Articles

Europe’s Data Protection Proposal

Last week the European Commission published their proposed new Data Protection legislation. This will now be discussed and probably amended by the European Parliament and Council of Ministers before it becomes law, a process that most commentators expect to take at least two years. There’s a lot in the proposal so this post will just […]

Categories
Articles

ECJ on Copyright Injunctions

The European Court of Justice has set some limits for the sorts of measures that ISPs can be compelled to implement to discourage copyright breach by their networks. Back in 2004 the Belgian rightsholder representative SABAM sought a court order requiring an ISP, Scarlet, to install devices on its network that inspected the content of […]

Categories
Articles

Processing personal data for third party interests

An interesting reminder from the European Court of Justice (ECJ) that the Data Protection Directive (95/46/EC) is supposed to make processing and exchanging personal data easier as well as safer. The Directive contains a number of different reasons justifying processing of personal data (gathered together as Schedule 2 of the UK Data Protection Act 1998), […]

Categories
Articles

Website Blocking: Copyright

The latest judgment from the BT/Newzbin case sets out what BT will be required to do to prevent its users accessing the Newzbin2 website that an earlier case found to be breaching copyright. From next month, BT will be required to add the Newzbin URLs to the system it already uses to limit access to […]