Download as PDF
Blog Article
The European Commission has now published its conclusions from the consultation on platforms it carried our earlier this year. This included notice-and-takedown: an issue we've been working on for many years.
Blog Article
More than a decade ago the e-Privacy Directive mentioned "location data" in the context of telecommunications services. At the time that was almost entirely about mobile phone locations - data processed by just a handful of network providers - but nowadays many more organisations are able to gather location data about wifi-enabled devices in range of their access points.
Blog Article
[UPDATE: the full paper describing this approach has now been published in the Journal of Learning Analytics]
[based on Doug Clow’s liveblog of the talk I did at the LAEP workshop in Amsterdam]
Blog Article
The Article 29 Working Party’s new Opinion on the US–EU Privacy Shield draft adequacy decision leaves a lot of questions unanswered and further prolongs the period of uncertainty for anyone transferring personal data from Europe to the USA.
Blog Article
The slides from our Networkshop session on Learning from Software Vulnerabilities are now available. All three talks showed how managing the process of finding, reporting and fixing vulnerabilities can improve the quality of software and the security of our systems.
Blog Article
Roughly what I said in my Digifest presentation yesterday
Blog Article
The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission's "lawyer-linguists" to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the resulting text should be adopted by the respective full bodies at meetings in the next couple of months.
Blog Article
The European Commission has now published draft texts that could be used to implement an EU/US Privacy Shield to replace the previous Safe Harbor agreement. It appears that the new scheme would only cover "commercial exchanges" of personal data between the EU and US so it is unlikely to be appropriate for export of personal data to US universities or non-profit organisations.
Blog Article
At the LINX meeting yesterday I was invited to summarise the various Parliamentary Committees' reports on the draft Investigatory Powers Bill. For more detail, see Graham Smith's excellent commentary.
Blog Article
The Article 29 Working Party of European data protection supervisors had hoped to make a full statement on the EU/US Safe Harbor agreement at the end of January. However this has now been postponed, probably until mid-April. The European Court of Justice declared last October that the original Safe Harbor did not guarantee adequate protection when personal data were transferred from Europe to the USA.
