I’ve been at several conferences recently on how Data Protection law is developing, and they’ve left me less than optimistic. By the end of 2015 Europe will have been working for four years on a Regulation “on the protection of individuals with regard to the processing of personal data and on the free movement of […]
Tag: Data Protection Regulation
Posts related to the General Data Protection Regulation. There are a lot of these, so if you want to find out how GDPR affects a particular topic, it’s better to use the topic tag; if you want to know about implementing GDPR, then try “GDPR Howto”
Yesterday’s excellent University of Cambridge conference on Internet Regulation After Google Spain suggested that data protection law will continue to affect a growing range of our activities, but that interpreting its requirements in novel circumstances will continue to be challenging. It was suggested that if the current (1995) European Directive was for the age of […]
Apples and Oranges
In discussions of the “Right to be Forgotten” it is often observed that Google manages each month to deal with tens of millions of delisting requests for breach of copyright, as opposed to tens of thousands for inaccurate personal data. Often the implication seems to be that those numbers should be more similar. However it […]
Why Google Spain worries me
Next month I’ll be going to an academic conference on Google Spain and the “Right to be Forgotten” (actually, “right to be delinked”) so I thought I’d better organise my thoughts on why, as a provider and user of communications and information services, the decision worries me. And I am much more worried by the […]
Guidelines for Using Student Data
During a recent conversation about learning analytics it occurred to me that it might be helpful to analyse how universities use student data in terms of the different justifications provided by UK and European Data Protection Law. Although the ‘big data’ techniques used in learning analytics are sometimes said to be challenging for both law […]
Consent and the Role of the Regulator
Reading yet another paper on privacy and big data that concluded that processing should be based on the individual’s consent, it occurred to me how much that approach limits the scope and powers of privacy regulators. When using consent to justify processing, pretty much the only question for regulators is whether the consent was fairly […]
Protecting Information in 2015
Although it’s now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we’ll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming […]
How much complexity should we see?
A couple of sessions at the VAMP2013 workshop in Helsinki related to complexity and how best to express it to users. Bob Cowles pointed out that current access management systems can involve a lot of complexity even to reach the binary decision whether or not to allow a user to access a resource. This might, […]
I was invited to give a presentation on legal and ethical issues around information sharing at TERENA’s recent security services workshop. The talk highlighted the paradox that sharing information is essential to protect the privacy of our users when their accounts or computers have been compromised, but that sharing can also harm privacy if it’s […]
A number of people have asked me what the recent European Court judgment in the Google “right to be forgotten” case means; here’s why I have been answering that I don’t know! The case concerned a fifteen-year old article in a Spanish newspaper about a named individual who had got into financial difficulties. The individual, […]