Categories
Presentations

Thinking with GDPR

[Based on a presentation for the NISO Plus conference, February 22-25, 2021] One thing it seems everyone knows about Europe is that we have a strong privacy law: the General Data Protection Regulation, or GDPR. In this talk I’d like to get you viewing that not just as a law, but as a really useful […]

Categories
Articles

WHOIS access and the NIS2 Directive

The European Commission’s proposed update of the Network and Information Security Directive may revive discussions about access to WHOIS data. When a domain name is registered, contact details are typically requested for various purposes, including billing, administrative and technical questions. For most of the history of the DNS this ‘WHOIS’ data – including names, postal […]

Categories
Peacasts

Thinking (using COVID-19) about location data

During the pandemic, a lot of ideas have come up – not just contact tracing! – where useful information might be derived from location data. It struck me that a selection of those might be an interesting illustration of how intrusiveness isn’t just about the data we use, but what we use it for. Here’s […]

Categories
Articles

Sandbox Tales: Public Interest and Privacy Notices

The latest report on ICO sandbox participation contains a rapid pivot, and some useful discussion of the “public interest” justification for processing. Back in mid-2019, NHS Digital was awarded a sandbox place for a system for recruiting volunteers into clinical trials (the actual conduct of trials is out of scope). A few months into 2020 […]

Categories
Articles

Schrems II: EDPB draft Guidance on exporting personal data

The European Data Protection Board (the gathering of all EU Data Protection Regulators) has now published its initial guidance on transfers out of the EEA following the Schrems II case. This recommends that exporting organisations follow a similar roadmap to the earlier one from the European Data Protection Supervisor (who regulates the EU institutions). In […]

Categories
Articles

AI Training: Adequate, Relevant and not Excessive!

It’s still common to hear stories where privacy is supposedly in conflict with other objectives. I’ve been writing for years about how that’s not the case in security or access management. This morning’s ICO webinar on Security and Data Minimisation in Artificial Intelligence came up with a counter-example in that field, too… You might think […]

Categories
Articles

Sandbox Tales – Information Sharing Platforms

The latest reports from the ICO sandbox provide important clarification of how data protection law applies to, and can guide, the application of novel technologies. This post looks at information sharing… FutureFlow’s Transaction Monitoring and Forensic Analysis Platform lets financial institutions such as banks upload pseudonymised transaction data to a common platform where they, regulators […]

Categories
Articles

Sandbox Tales: Machine Learning

The latest reports from the ICO sandbox provide important clarification of how data protection law applies to, and can guide, the application of novel technologies. This post looks at machine learning… Onfido’s engagement looked at how to train and review the performance of machine learning models. In thinking about that I’d concluded that the GDPR […]

Categories
Articles Tools

EPDS initial roadmap for Schrems II judgment

The European Data Protection Supervisor (EDPS) has responded to the Schrems II judgment with a risk-based roadmap for EU institutions: Perform an inventory of all flows of personal data to entities outside the EU; Priority for change will be existing transfers with either no legal basis, those based on a derogation, and those to organisations […]

Categories
Presentations

Care with “Ethics”

I was invited to be a “catalyst” or “provocateur” for a discussion on Data Ethics, hosted by the Institute for the Ethics of AI in Education. Here goes… This has definitely been my “summer of Ethics”: I’ve read, listened, discussed and learned a lot. Mostly good, but here are four tendencies that concern me. Don’t […]