I was asked recently how I saw current legal developments in Europe affecting the work of incident response teams, so here’s a summary of my thoughts. Understanding Data Protection law has always been a problem for incident response. Some of the information needed to detect and resolve incidents is personal data but laws are unclear […]
Tag: Data Retention Directive
Posts on the 2006 Data Retention Directive, which was ruled incompatible with EU law in 2014, but which continues to have a zombie existence in national – and occasionally EU – laws
The Joint Committee on the Draft Communications Bill has published its report, concluding that while there is “a case for legislation which will provide the law enforcement agencies with some further access to communications data” the current proposal needs “substantial re-writing”. The Committee address three of the four concerns raised in our Janet evidence. They […]
Categories
Wild West or 1984?
[This is the approximate text of an internal company talk, which I’ve been asked to make more widely available] One of the odd things about how people talk about the Internet is that you’ll hear it described both as “the Wild West” where there are no rules and unlawful behaviour is rife and as a […]
I’ve made a Janet submission to the joint Parliamentary Committee considering the draft Communications Data Bill. It’s actually quite hard to predict what the effect of the Bill would be, as the Bill creates extremely wide powers for both the Home Secretary and Law Enforcement and the impact will depend on how those powers are […]
Categories
Shiny New Legislation
I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster: Data Retention (EC Directive) Regulations 2009 – with a significant update […]