Posts related to the General Data Protection Regulation. There are a lot of these, so if you want to find out how GDPR affects a particular topic, it’s better to use the topic tag; if you want to know about implementing GDPR, then try “GDPR Howto”
The European Data Protection Board’s (EDPB) latest Guidelines further develop the idea that we should not always expect relationships involving personal data to have a single legal basis. Although the subject of the Guidelines is the legal basis “Necessary for Contract”, much of the text is dedicated to pointing out the other legal bases that […]
While colleagues are looking at whether data can be used to pick up early signs of mental health and wellbeing problems, I’m exploring possible legal frameworks for doing that safely. As the diagram shows, trying to deliver an early warning service to all students falls into a gap between three reasonably familiar areas of data […]
In data protection circles, the phrase “Safe Harbour” doesn’t have a great reputation. Wikipedia describes those as setting hard boundaries around an area where “a vaguer, overall standard” applies. Famously, in 2015, the European Court of Justice struck down the data protection Safe Harbor arrangement negotiated between the European Commission and the US Government. So […]
[Re-purposing an unused introduction to my full paper – “See no… Hear no… Track no..: Ethics and the Intelligent Campus” – that was published in the Journal of Information Rights, Policy and Practice this week] The Intelligent Campus is a microcosm of the Smart City. Smart cities, according to Finch and Tene, may be “more […]
To my ex-programmer ears, phrases like “web 2.0” and “industry 4.0” always sound a bit odd. Sectors don’t have release dates, unlike Windows 10, iOS 12 or Android Oreo. Oddly, one field that does have major version releases is the law: it would be quite reasonable to view 25th May 2018 as the launch of […]
In a workshop at last week’s AMOSSHE conference, we discussed how wellbeing analytics might be able to assist existing Student Support services. Slides: jisc andrew cormack 4×3 v2 Student support is simplest when an individual themselves asks for help: a support service can immediately begin to discuss – using toolkits such as that developed by UHI […]
Earlier this week I did a presentation to a group from Dutch Universities on the ethics work that Jisc has done alongside its studies, pilots and services on the use of data. This covered the development of our Learning Analytics Code of Practice, as well as our plans to apply that Code to wellbeing applications, […]
Shortly after we did out first Data Protection Impact Assessments, on the Janet Security Operations Centre and the Jisc Learning Analytics Service, the ICO published its DPIA guidance. This contained a few minor additions, which have been added to this new version of our information gathering cribsheet: In section (a) the nature of processing should […]
Incident response teams often share information when investigating incidents. Some patterns may only become apparent when data from different networks are compared; other teams may have skills – such as analysing malware – to understand data in ways we cannot. Since much of this information includes IP or email addresses – information classed as Personal […]
Under current plans the UK will become – for data protection purposes – a “third country” when it leaves the EU. Although the UK Government has stated that the rules for transferring personal data from the UK to the EU will remain the same, any transfers from the EU to the UK will need to […]