Categories
Articles

Ethical AI – HOWTO

A couple of new documents provide ideas on how to think about ethics when we deploy Artificial Intelligence. First is an article by Linda Thornton for EDUCAUSE, on Artificial Intelligence and Ethical Accountability. This looks at who should be thinking ethically, finding responsibilities for programmers, managers, marketers, salespeople and organisations that implement AI. Since this […]

Categories
Publications

Incident Detection and GDPR

Great to have my paper – “Processing Data to Protect Data: Resolving the Breach Detection Paradox” – published by ScriptEd. Everything you always wanted to know about logfiles and the GDPR: Why Data Protection requires breach detection; What’s the GDPR “Purpose” of breach detection; What’s “Necessary”, when it comes to breach detection; What Safeguards are […]

Categories
Articles

Schrems II: SCCs plus… what?

The recent Schrems II decision on Standard Contractual Clauses found that, in some situations, data exporters and importers might need to agree additional measures beyond just relying on SCCs. While we’re waiting for the Information Commissioner and EDPB to give more detailed advice on which situations and which measures, here are some themes I’ve spotted […]

Categories
Articles

ECJ invalidates Privacy Shield; Model Clauses valid but may not be sufficient

[UPDATE 27/7/20: the ICO has now published a statement on the decision] On July 16th 2020, the European Court of Justice made its long-awaited decision in the case of Data Protection Commissioner [Ireland] v Facebook Ireland Ltd and Maximillian Schrems, generally known as “Schrems II”. This concerned two of the GDPR’s mechanisms for transferring personal […]

Categories
Articles

AI: Don’t Stare

An interesting virtual water-cooler discussion with colleagues who are exploring the potential of AI as a Service. They tested a selection of easily available cloud face-processing systems on a recording of one of our internal Zoom meetings, and were startled by the results. Face identification wasn’t a surprise: everyone who has changed the background on […]

Categories
Publications

IDPro Body of Knowledge

I was delighted to be invited to contribute an article to IDPro’s Body of Knowledge for professionals working in the field of digital identity. Mine is (of course) on how the GDPR applies to identity management. But as well as standards and regulation the collection is steadily expanding to cover things like privacy for consumers, […]

Categories
Publications

Maintaining trust in University data handling

WONKHE has published my article on the need to be careful in introducing, and withdrawing, with any post-virus data processing (the absolute sub-head isn’t mine!) Maintaining trust in university data handling

Categories
Articles

Consent/Ethics? There’s more…

As data protection regulators keep reminding us, the research and data protection communities mean different things when they talk about “consent”. A couple of recent conversations have made me wonder whether that terminology clash may have another effect: are those putting research into practice missing out on existing guidance that could help with that transition? […]

Categories
Articles

COVID-19 Cyber Threat Coalition and GDPR

[Notes: This isn’t legal advice, but I hope it will reassure anyone considering supporting the COVID-19 Cyber Threat Coalition that the data protection risks should be very low; This only covers the use of data for defending systems, networks, data and users; use for offense, including attribution and evidence, is covered by separate legislation, which […]

Categories
Articles

AI and Ethics: GDPR and beyond

The EU High-Level Expert Group’s (HLEG) Ethics Guidelines for Trustworthy AI contain four principles and, derived from them, seven requirements for AI systems. The Guidelines do not discuss the need for AI to be lawful, but the expansion of Data Protection law beyond just privacy into areas formerly considered part of Ethics means that much […]