Posts related to the General Data Protection Regulation. There are a lot of these, so if you want to find out how GDPR affects a particular topic, it’s better to use the topic tag; if you want to know about implementing GDPR, then try “GDPR Howto”
The Information Commissioner’s Office has published a new article on how they are responding to the European Court’s Safe Harbor judgment. The overall message is that data controllers should take stock and not panic. While noting that the judgment does remove some of the former legal certainty, the ICO is “certainly not rushing to use […]
The Article 29 Working Party of European Data Protection supervisors has now published its response to the European Court’s ruling that the US-EU Safe Harbor agreement can no longer be relied upon when exporting personal data from the European Economic Area. Like the UK Information Commissioner’s earlier statement, they recognise that data exporters and US […]
The European Court’s declaration today that the European Commission’s fifteen year old decision on the US Safe Harbor scheme is no longer reliable is another recognition that Data Protection requires continuing assessment, rather than one-off decisions. European regulators have been recommending for years that neither data controllers nor companies to which they export data should […]
The new European Data Protection Regulation is relevant to many areas of our work. Yesterday I had the opportunity to look at its likely effect on information security at a Jisc Special Interest Group meeting. For now, we’re still working from the three draft texts published by the European Commission in 2012, the Parliament in […]
A helpful comment on page 3 of the Information Commissioner’s discussion of the latest (Council) draft of the General Data Protection Regulation: We reiterate our view that there must be realistic alternatives to consent – for example ‘legitimate interests’ where the data processing is necessary to provide the goods or services that an individual has […]
Since becoming involved in Jisc’s work on learning analytics, I’ve been trying to work out the best place to fit the use of students’ digital data to improve education into data protection law. I’ve now written up those thoughts as a paper, and submitted it to the Journal of Learning Analytics. As the abstract says: […]
After more than three years of discussion, all three components of the European law making process have now produced their proposed texts for a General Data Protection Regulation should look like. The Council of Ministers’ version published last week adds to the Commission’s 2012 original and the Parliament text (unofficial consolidated version) agreed last March. […]
There’s no doubt that some parts of the UK Data Protection Act and the EU Data Protection Directive are badly out of date and need revising. The world they were drafted for in the early 1990s has changed. One area that has worn much better is the six justifications for processing personal data: those still […]
At the FIRST conference this week I presented ideas on how effective incident response protects privacy. Indeed, since most common malware infects end user devices and hides itself, an external response team may be the only way the owner can learn that their private information is being read and copied by others. The information sources […]
Last week I gave a seminar “Big Data Wrongs and Rights” at Southampton University on how data protection law could provide support and guidance for universities’ use of learning analytics. The next day Jisc launched a Code of Practice on Learning Analytics, which puts many of the same ideas into practical form. After the seminar […]