Categories
Articles

Data exports: update in 2017

The latest announcement from the Article 29 Working Party on the US-EU Privacy Shield also suggests that there shouldn’t be any short-term surprises for those using the other justifications for exporting personal data to the USA. The European Court judgment that invalidated the Safe Harbor agreement in 2015 was concerned, among other things, with the […]

Categories
Consultations

Culture, Media and Sport Committee Enquiry into Cybersecurity

Shortly after the recent attacks on TalkTalk the Culture, Media and Sport Committee decided to hold an inquiry into the circumstances surrounding the data breach, but also the wider implications for telecoms and internet service providers. This raised a number of issues around the premature speculation around the causes of the incident, cybersecurity within the telecoms industry, and […]

Categories
Presentations

A data protection model for production learning analytics

[UPDATE: the full paper describing this approach has now been published in the Journal of Learning Analytics] [based on Doug Clow’s liveblog of the talk I did at the LAEP workshop in Amsterdam] I was a law student when I first came across learning analytics; the idea of being asked “do you consent to learning […]

Categories
Articles

Privacy Shield – Unfinished Business

The Article 29 Working Party’s new Opinion on the US–EU Privacy Shield draft adequacy decision leaves a lot of questions unanswered and further prolongs the period of uncertainty for anyone transferring personal data from Europe to the USA. That began last October when the European Court of Justice declared that the US-EU Safe Harbor agreement […]

Categories
Articles

Disclosing personal data for criminal investigations

The Information Commissioner has published updated and extended guidance on the use of the Data Protection Act’s “section 29” exemption, based on cases and wider experience. This exemption is often used to release personal information (such as computer or network logs) to the police or other authorities investigating crimes, so sections 33-52 in particular are […]

Categories
Publications

A Data Protection Framework for Learning Analytics

Since becoming involved in Jisc’s work on learning analytics, I’ve been trying to work out the best place to fit the use of students’ digital data to improve education into data protection law. I’ve now written up those thoughts as a paper, and submitted it to the Journal of Learning Analytics. As the abstract says: […]

Categories
Articles

Data Protection: picking the right justification

There’s no doubt that some parts of the UK Data Protection Act and the EU Data Protection Directive are badly out of date and need revising. The world they were drafted for in the early 1990s has changed. One area that has worn much better is the six justifications for processing personal data: those still […]

Categories
Articles

Consent and the Role of the Regulator

Reading yet another paper on privacy and big data that concluded that processing should be based on the individual’s consent, it occurred to me how much that approach limits the scope and powers of privacy regulators. When using consent to justify processing, pretty much the only question for regulators is whether the consent was fairly […]

Categories
Articles

Protecting Information in 2015

Although it’s now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we’ll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming […]

Categories
Articles

Incentives for Intermediaries

One aspect of the Google Spain judgment I’ve not seen discussed is the incentives it creates for search engines. The European Court of Justice found that under some circumstances Data Protection law entitles an individual to demand that out of date and inaccurate results be removed from the results of a search for their name […]