This morning’s discussion – jointly hosted by the All-Party Parliamentary Groups on Data Analytics and Health – suggested that if we want uses of health data to be trusted, we need to trust citizens and patients to think more deeply about benefits and risks than media headlines might suggest. The session was inspired by a […]
Tag: Data Protection Regulation
Posts related to the General Data Protection Regulation. There are a lot of these, so if you want to find out how GDPR affects a particular topic, it’s better to use the topic tag; if you want to know about implementing GDPR, then try “GDPR Howto”
Assessing our security services
Jisc performs a number of different activities to keep Janet and customer sites secure. Here’s a very short video on how we used a Data Protection Impact Assessment and a Legitimate Interests Assessment to check that those activities do not themselves create disproportionate risks. You can read the reports: Security Operations Centre (SOC): Data Protection Impact […]
Since it has provided the foundation for most of the work I’ve been doing on data for the past couple of years, I’ve recorded a video explaining our standard model for “analytics”, in both practical and legal terms If you’d like to know more, a couple of papers set out the theory Downstream Consent: a […]
Where should I put my data?
After a couple of years when the question of data location had dropped a little down the priority list, two things have pushed it back up again. First, the Schrems II decision of the European Court, which cancelled the US-EU Privacy Shield and added some – but it’s not yet clear how onerous – new […]
Incident Response and Law
On and off, I’ve been researching the legal aspects of incident detection and response for fifteen years, and published more than 25000 words in law journals. So, can that be summarised in less than five minutes? You judge… And if you’d like to read more, here are the original papers: Processing Data to Protect Data: […]
Intelligent Campus DPIA Toolkit
I’m pleased to announce the publication of our Intelligent Campus Data Protection Impact Assessment Toolkit. Intelligent Campuses use existing data and new sensors to deliver better places to study, work, live and socialise. But there’s a risk with any use of data or sensors that even the best-intentioned ideas will be misused or misunderstood: as […]
Thinking creatively about COVID-19
Lilian Edwards gave a fascinating keynote at the UK IGF this morning, on Protecting Digital Rights During a Pandemic. Though privacy is the most often discussed right in the context of pandemic response, rights of free speech and free assembly also need to be borne in mind. Although the impact of national schemes (contact tracing […]
Brexit in 58 seconds…
Colleagues set me the challenge of saying something about my work in one minute. So here (on YouTube) is a “peacast” – my wife says it’s too small to be a “podcast” – on Brexit and GDPR: Comments very welcome on the format and, if you like it, suggestions for any other topics I could […]
Machine Learning and Data Protection
Might some of the problems in applying data protection law to machine learning arise because we’re using too simple a model? Sometimes an over-simplified model can be hard to apply in practice. So here’s a model that’s a bit more complex but, I hope, a lot easier to apply. It’s also a lot more informative, […]
We’re delighted to have launched our Wellbeing Analytics Code of Practice, something we’ve been working on in the ICO’s Regulatory Sandbox for almost exactly a year. The resulting Code builds on Jisc’s widely-used Learning Analytics Code of Practice and includes tools for Data Protection Impact Assessment and Purpose Compatibility assessment. We hope it will give […]