[21/6: Added more examples of public engagement] [22/3: Updated analysis of why read-only access fits within the para 8 exemption] The Government has now published its Online Safety Bill: the text that will be debated, and no doubt amended, in Parliament. Compared to last summer’s draft, this is somewhat clearer on whether platforms operated by […]
[Script for a presentation at a recent Westminster Education Forum event…] Back in February 2020 we knew what assessment looked like. Jisc had just published “The Future of Assessment”, setting five targets – Authentic, Accessible, Appropriately Automated, Continuous, and Secure – to aim for by 2025. Then COVID made us all look at assessment through […]
We’ve been talking to computers for a surprisingly long time. Can you even remember when a phone menu first misunderstand your accent? Obviously there have been visible (and audible) advances in technology since then: voice assistants are increasingly embedded parts of our lives. A talk by Joseph Turow to the Privacy and Identity Lab (a […]
Information sharing, trust, and more…
Using and sharing information can create benefits, but can also cause harm. Trust can be an amplifier in both directions: with potential to increase benefit and to increase harm. If your data, purposes and systems are trusted – by individuals, partners and society – then you are likely to be offered more data. By choosing […]
Managing the risks of Subject Access
My LLM dissertation (published ($$) in 2016 as “Is the Subject Access Right Now Too Great a Threat to Privacy?”) discussed the challenge of reliably identifying a data subject who you only know through pseudonymous digital channels or identifiers. Others have conducted practical experiments, finding that it would, indeed, be relatively easy to use GDPR […]
Automating Digital Infrastructures
Most of our digital infrastructures rely on automation to function smoothly. Cloud services adjust automatically to changes in demand; firewalls detect when networks are under attack and automatically try to pick out good traffic from bad. Automation adjusts faster and on a broader scale than humans. That has advantages: when Jisc’s CSIRT responded manually to […]
Do we need a “Right of (Data) Decay”?
I’ve been reading about Slow Computing and the need for ‘digital forgetting’. But, unlike the GDPR Right to Erasure, human forgetting isn’t clean: more often involving uncertainty rather than simple elimination. That leaves our database in a different state: whereas digital erasure has no effect on the records that remain, much of our human memory […]
Feedback and performance review are routine parts of many employment relationships. So it’s surprising to find that they take us into obscure corners of data protection law. Regulators have been clear for more than a decade that an opinion about someone is personal data, but there has been much less exploration of the fact that […]
Data Breaches: assessing risk
Under the GDPR’s breach notification rules, it’s essential to be able to quickly assess the level of risk that a security breach presents to individual data subjects. Any breach that is likely to result in a risk to the rights and freedoms of natural persons must be reported to the relevant data protection authority, with […]
Consent: control or formality?
More than a decade ago, European data protection regulators identified the problem of “consent fatigue”, where website users were overwhelmed with multiple requests to give consent for processing of their personal data. In theory, responding to those requests let individuals exercise control but, in practice, it seemed more likely that they were just clicking whatever […]