While some have viewed the General Data Protection Regulation's approach to consent as merely adjusting the existing regime, the Information Commissioner's draft guidance suggests a more fundamental change: "a more dynamic idea of consent: consent as an organic, ongoing and actively managed choice, and not simply a one-off compliance box to tick and file away".
[UPDATE] A slightly revised version of this post formed our response to the ICO consultation.
A couple of organisations have asked me recently whether the General Data Protection Regulation (GDPR) requires them to get some sort of external recognition of their incident response team. Here's why I don't think it does.
Recital 49 of the Regulation says:
Having had my own concerns that the European Commission's draft e-Privacy Regulation might prevent some activities that are needed by security and incident response teams, it's very reassuring to see the Article 29 Working Party recommending an explicit broadening of the scope of permitted Network and Information Security (NIS) activities.
Organisations connecting to Janet are required to implement three policies: the Eligibility Policy determines who may be given access to the network; the Security Policy sets out responsibilities for protecting the security of the network and its users; the Acceptable Use Policy identifies a small number of act
[UPDATE: I've added links to the draft Codes of Practice that authorities are proposing to use when preparing each of the orders]
The European Commission recently published wide-ranging proposals to reform copyright law. One particular concern is that the proposals appear to reduce the existing legal protections for sites that host third party content.
According to Parliament's website, "outstanding issues on the [Investigatory Powers] Bill were resolved on 16th November". The Bill now passes to its final formal stage, Royal Assent, after which it will be the Investigatory Powers Act.
On the recent trial run of our new course on Filtering and Monitoring we invited students to discuss the Home Office requirement to "consider the use of filters as part of their overall strategy to prevent people being drawn into terrorism".
I'll be talking about legal issues of Learning Analytics and the General Data Protection Regulation
