Categories
Articles

Data Protection Developments: How to Cope

I’ve been at several conferences recently on how Data Protection law is developing, and they’ve left me less than optimistic. By the end of 2015 Europe will have been working for four years on a Regulation “on the protection of individuals with regard to the processing of personal data and on the free movement of […]

Categories
Articles

Internet regulation after the Google Spain case

Yesterday’s excellent University of Cambridge conference on Internet Regulation After Google Spain suggested that data protection law will continue to affect a growing range of our activities, but that interpreting its requirements in novel circumstances will continue to be challenging. It was suggested that if the current (1995) European Directive was for the age of […]

Categories
Articles

Apples and Oranges

In discussions of the “Right to be Forgotten” it is often observed that Google manages each month to deal with tens of millions of delisting requests for breach of copyright, as opposed to tens of thousands for inaccurate personal data. Often the implication seems to be that those numbers should be more similar. However it […]

Categories
Articles

Why Google Spain worries me

Next month I’ll be going to an academic conference on Google Spain and the “Right to be Forgotten” (actually, “right to be delinked”) so I thought I’d better organise my thoughts on why, as a provider and user of communications and information services, the decision worries me. And I am much more worried by the […]

Categories
Articles

Guidelines for Using Student Data

During a recent conversation about learning analytics it occurred to me that it might be helpful to analyse how universities use student data in terms of the different justifications provided by UK and European Data Protection Law. Although the ‘big data’ techniques used in learning analytics are sometimes said to be challenging for both law […]

Categories
Articles

Consent and the Role of the Regulator

Reading yet another paper on privacy and big data that concluded that processing should be based on the individual’s consent, it occurred to me how much that approach limits the scope and powers of privacy regulators. When using consent to justify processing, pretty much the only question for regulators is whether the consent was fairly […]

Categories
Articles

Protecting Information in 2015

Although it’s now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we’ll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming […]

Categories
Articles

How much complexity should we see?

A couple of sessions at the VAMP2013 workshop in Helsinki related to complexity and how best to express it to users. Bob Cowles pointed out that current access management systems can involve a lot of complexity even to reach the binary decision whether or not to allow a user to access a resource. This might, […]

Categories
Presentations

Sharing Information to Protect Privacy

I was invited to give a presentation on legal and ethical issues around information sharing at TERENA’s recent security services workshop. The talk highlighted the paradox that sharing information is essential to protect the privacy of our users when their accounts or computers have been compromised, but that sharing can also harm privacy if it’s […]

Categories
Articles

Is there a “Right To Be Forgotten”? I don’t know

A number of people have asked me what the recent European Court judgment in the Google “right to be forgotten” case means; here’s why I have been answering that I don’t know! The case concerned a fifteen-year old article in a Spanish newspaper about a named individual who had got into financial difficulties. The individual, […]