Federated access management can make things nice and simple for both the user and the service they are accessing. By logging in to their home organisation the user can have that organisation release relevant information to the service – “I am a student”, “this is my e-mail address” and so on. And because that information […]
Tag: Data Protection Regulation
Posts related to the General Data Protection Regulation. There are a lot of these, so if you want to find out how GDPR affects a particular topic, it’s better to use the topic tag; if you want to know about implementing GDPR, then try “GDPR Howto”.
Many of the problems in applying European Data Protection Law on-line arise from uncertainty over whether the law covers labels that allow an individual to be recognised (i.e. “same person as last time”) but not – unless you are the issuer of the label – identified (i.e. “Andrew again”). The Article 29 Working Party have […]
MoJ Data Protection Response
An interesting morning yesterday at the launch of the Ministry of Justice’s Response to the Call for Evidence on the Current Data Protection Legislative Framework. JANET’s evidence focussed on the difficulties of applying data protection law to the Internet: the current law has proved unclear on the status of IP addresses and similar pseudonymous identifiers, […]
MoJ: Data Protection Law
The Ministry of Justice has been seeking evidence to inform its input into the ongoing revision of the European Data Protection Directive (95/46/EC). I’ve submitted a JANET response, covering three issues where we frequently trip over problems with either the interpretation or the use of the current Directive and the Data Protection Act 1998 that […]
For a while there has been one pair of contradictory answers to the question of whether an IP address was personal data. Two different German courts were asked about addresses in the log of a web server: one said that was personal data, the other said it wasn’t. Now we seem to have another pair. […]
Data Protection Revision Delayed
An interesting report from the French data protection authority (CNIL) that the European Commissioner has announced a delay in the proposed revision of the European Data Protection Directive 95/46/EC. Rather than publishing a draft Directive later this year, it seems that the plan is now to publish a report this autumn with the draft expected […]
Data Protection Directive Meeting
I had an interesting day in Brussels yesterday, providing input for the Commission’s revision of the 1995 Data Protection Directive. Invitations had been sent to those who responded to the consultation last year, so a wide variety of organisations were present, including banking, marketing, medical, consumer rights, content industries and telecommunications operators. There was general […]
For a while I’ve been trying to understand how pseudonymous identifiers, such as IP addresses and the TargetedID value used in Federated Access Management, fit into privacy law. In most cases the organisation that issues such identifiers can link them to the people who use them, but other organisations who receive the identifiers can’t. Indeed […]
Thoughts on Data Breach Notification
Regulators and governments are moving towards creating a requirement that anyone who suffers a security breach affecting personal data would have to report it. A number of American states already have such laws; the recent revision of the European Telecoms Framework Directive introduced a breach notification requirement for telecoms providers, and the Commissioner has stated […]
The Commission have been running a consultation for several months to inform a possible revision of the Data Protection Directive (95/46/EC), which is now fifteen years old and starting to creak under the strain of new ways of doing business. I’ve sent in a JANET(UK) response raising issues we’ve tripped over in developing the UK […]