Categories
Articles

Cookies: limits of regulation

In going through the new (2023) Data Protection and Digital Information (No.2) Bill I noticed that it does actually make a change to UK law on cookies: according to clause 79(2A), consent will no longer be needed to store or access information in the user’s terminal equipment if this is done by the person who […]

Categories
Articles

ePrivacy Regulation: one step closer

[Update (Nov’21): I’ve discovered that Patrick Breyer MEP has published a “parallel text” of the three current proposals (Commission, Parliament and Council). Not exactly easy reading, but it makes it much easier to see where they are similar, and where there remain significant differences] [Original (Feb’21) post…] After four years, and nearly three years after […]

Categories
Articles

Audience Measurement

To improve websites and other online services, measuring how they are used is a key tool. However the law on measuring visitors to websites is a mess. Nine years ago, when reviewing the types of cookies that do not need consent, the Article 29 Working Party of data protection regulators concluded that requiring consent when […]

Categories
Articles

ePrivacy – progress or not?

Dataguidance is reporting that the German presidency has produced its progress report on the last six months of discussions on the ePrivacy Regulation. Recall that this was supposed to come into force on the same day as the GDPR… And it seems that Member States still haven’t reached agreement on what purposes might justify a […]

Categories
Articles

New Presidency: new ePrivacy progress?

It seems a long time since I wrote about the ePrivacy Regulation. This was supposed to come into force alongside the GDPR, back in May 2018, and provide specific guidance on its application to the communications sector. You may remember it as “Cookie law”, though it was never just that. Unfortunately its scope grew and, […]

Categories
Articles

ePrivacy Regulation: more support for information sharing

The latest text in the long-running saga of the draft ePrivacy Regulation contains further reassuring indicators for incident response teams that want to share data to help others. Article 6(1)(b) allows network providers to process electronic communications data (a term that includes both metadata and content) where this is necessary “necessary to maintain or restore […]

Categories
Articles

ePrivacy Regulation: better news for online security

Some good news from the draft ePrivacy Regulation. More than a year after I pointed out that the Regulation could inadvertently prohibit websites and other Internet-connected services from using logfiles to secure their services, the Council of Ministers’ latest (20th September 2018) draft explicitly recognises the problem. Recital 8 now includes the positive statement that: […]

Categories
Articles

Progress Report: ePrivacy Regulation

Alongside the 1995 Data Protection Directive (DPD) sat the 2002 ePrivacy Directive (ePD), explaining how the DPD should be applied in the specific context of electronic communications. In fact, particularly after it was amended in 2009, the ePD did a bit more than that, as it turned out to be a convenient place to insert […]

Categories
Articles

IP Addresses, Privacy and the GDPR

It’s well-known that the General Data Protection Regulation says that IP addresses should be treated as personal data because they can be used to single out individuals for different treatment, even if not to actually identify them. In fact – as most organisations and network providers implement proxies, Network Address Translation (NAT) and other technologies […]

Categories
Closed Consultations

Jisc response to DCMS consultation on GDPR Research implementation

Jisc responded to the DCMS consultation on implementing the Research provisions of the GDPR into UK law. The exemptions from certain obligations and data subject rights contained in section 33 of the Data Protection Act 1998 have been vital in enabling long-term research studies, including in health and social sciences, while ensuring the protection of […]