The Article 29 Working Party have published an interesting toolbox for Binding Corporate Rules (BCR) for Data Processors. BCRs for Data Controllers have been suggested for some time as a way that large multi-national companies can comply with European Data Protection law. By having its internal rules for handling personal data approved as compliant with […]
Tag: Data Protection Directive
Posts on the (pre-2016) Data Protection Directive. For more recent information, see Data Protection Regulation, which covers the GDPR
An interesting reminder from the European Court of Justice (ECJ) that the Data Protection Directive (95/46/EC) is supposed to make processing and exchanging personal data easier as well as safer. The Directive contains a number of different reasons justifying processing of personal data (gathered together as Schedule 2 of the UK Data Protection Act 1998), […]
Categories
The Definition of Consent
Although consent is a key concept in Data Protection, discussions of it often seem confused and legal interpretations inconsistent. For example the European Commission has in the past called both for a crackdown on the over-use of consent and for all processing of personal data to be based on consent! A new Opinion on the […]
Categories
Privacy Riskiness for Access Management
On a privacy course I teach for system and network managers I suggest a scale of “privacy riskiness”, the idea there being that if you can achieve an objective using information from lower down the scale then you run less risk of upsetting your users and/or being challenged under privacy law. That scale is very […]
For a while there has been one pair of contradictory answers to the question of whether an IP address was personal data. Two different German courts were asked about addresses in the log of a web server: one said that was personal data, the other said it wasn’t. Now we seem to have another pair. […]