Data Protection Directive

22 May 2014 at 7:10am

Is there a "Right To Be Forgotten"? I don't know

Andrew Cormack
Data Protection Directive
right to be forgotten
Privacy
A number of people have asked me what the recent European Court judgment in the Google “right to be forgotten” case means; here’s why I have been answering that I don’t know!
Read more
24 April 2014 at 1:59pm

Legitimate Interests and Federated Access Management

Andrew Cormack
Access Management
Data Protection Directive
Data Protection Regulation
I only wish the Article 29 Working Party had published their Opinion on Legitimate Interests several years ago, as it could have saved us a lot of discussion in the federated access management community.
Read more
28 October 2013 at 11:03am

Legislating for Indirectly-linked identifiers

Andrew Cormack
Data Protection Directive
Data Protection Regulation
Privacy
A law that promotes Privacy by Design and Data Minimisation ought to encourage the use of indirectly-linked identifiers, which allow processing to be done separate from, or even without, the ability to identify the person whose information is being processed. However European Data Protection law has never really worked out what these identifiers are. The resulting regulatory uncertainty discourages the use of indirectly-linked identifiers to protect privacy and may even result in obligations that create new privacy risks.
Read more
1 May 2013 at 10:08am

International transfers within cloud providers

Andrew Cormack
Data Protection Regulation
Cloud computing
Data Protection Directive
The Article 29 Working Party have published an explanatory document on Binding Corporate Rules for Data Processors, to provide further detail on using the template they published last year.
Read more
19 November 2012 at 6:26pm

EU DP Supervisor on Cloud Computing

Andrew Cormack
Cloud computing
Data Protection Directive
Data Protection Regulation
A new Opinion of the EU Data Protection Supervisor discusses some of the problems in applying the current Data Protection Directive to public cloud services, and how these might be done better under the proposed Data Protection Regulation. Particular challenges include
Read more
2 November 2012 at 12:00pm

Justice Committee: "Back to the drawing board" on Data Protection Regulation

Andrew Cormack
Data Protection Regulation
Data Protection Directive
The House of Commons' Justice Committee has published a critical report on the European Commission's proposals for a new Data Protection Regulation and Directive.
Read more
28 September 2012 at 6:56am

Progress on a European approach to Cloud Computing

Andrew Cormack
Cloud computing
Data Protection Directive
Data Protection Regulation
The ASPIRE study on the future of National Research and Education Networks calls for European NRENs to work together on a common approach to cloud computing.
Read more
4 July 2012 at 9:42am

Article 29 Working Party hints at new approach to Cloud

Andrew Cormack
Data Protection Regulation
Cloud computing
Data Protection Directive
The Article 29 Working Party have published an interesting toolbox for Binding Corporate Rules (BCR) for Data Processors. BCRs for Data Controllers have been suggested for some time as a way that large multi-national companies can comply with European Data Protection law.
Read more
2 July 2012 at 2:58pm

Pseudonyms and Data Protection

Andrew Cormack
Access Management
Privacy
Data Protection Directive
Data Protection Act
The Information Commissioner’s consultation on an Anonymisation Code of Practice is mainly concerned with the exchange or publication of datasets derived from personal data. However it once again highlights the long-standing confusion around the treatment of pseudonyms under Data Protection law.
Read more

2010 - Ministry of Justice call for evidence on current data protection framework

Andrew Cormack
Thursday, June 28, 2012 - 13:36
Data Protection Directive
Data Protection Regulation
Privacy
This is JANET(UK)’s response to the Ministry of Justice Call for Evidence on the Current Data Protection Legislative Framework. JANET(UK) is the operator of the UK’s publicly-funded National Research and Education Network, JANET, which connects universities, colleges, research organisations and regional schools networks to each other and to the Internet.
Read more
Subscribe to Data Protection Directive