Data Protection Regulation

17 January 2018 at 3:56pm

Ethical use of AI in HE

Andrew Cormack
Ethics
Artificial Intelligence
Data Protection Regulation
Learning Analytics
#EthicalHEAI
Last week I was invited to a fascinating discussion on ethical use of artificial intelligence in higher education, hosted by Blackboard. Obviously that's a huge topic, so I've been trying to come up with a way to divide it into smaller ones without too many overlaps. So far, it seems a division into three may be possible:
Read more
5 January 2018 at 1:24pm

How to Start Learning Analytics?

Andrew Cormack
Learning Analytics
GDPRtopics
Data Protection Regulation
One of my guidelines for when consent may be an appropriate basis for processing personal data is whether the individual is able to lie or walk away. If they can, then that practical possibility may indicate a legal possibility too.
Read more
18 December 2017 at 1:34pm

Article 29 WP draft on Transparency

Andrew Cormack
Data Protection Regulation
GDPRprocess
The Article 29 Working Party has published its draft guidelines on transparency. For those of us who have already been working on GDPR privacy notices, there don’t seem to be any surprises: this is largely a compilation of the relevant sections of the Regulation and other guidance.
Read more
18 December 2017 at 1:20pm

GDPR: Processing notification and protecting security

Andrew Cormack
Data Protection Regulation
incident response
GDPRtopics
Concern has sometimes been expressed whether the General Data Protection Regulation’s (GDPR) requirement to notify individuals of all processing of their personal data would cause difficulties for security and incident response teams. These activities involve a lot of processing of IP addresses, which the GDPR and case law seem to indicate will normally count as personal data. But a law that required us to tell attackers how much we knew about their activities would help them far more than us.
Read more
15 December 2017 at 11:35am

Jisc GDPR conference

Andrew Cormack
Data Protection Regulation
#JiscGDPR
For those who couldn't make it to the Jisc GDPR conference last week (and those who did, but want a refresher) the slides are now available.
Read more
15 December 2017 at 9:16am

Article 29 WP draft on Consent

Andrew Cormack
Data Protection Regulation
GDPRtopics
GDPRprocess
The Article 29 Working Party of European Data Protection Supervisors has published draft guidance on consent under the General Data Protection Regulation. Since the Working Party has already published extensive guidance on the existing Data Protection Directive rules on consent, this new paper concentrates on what has changed under the GDPR.
Read more
12 December 2017 at 8:37am

Security, Incident Response, Privacy and Data Protection

Andrew Cormack
Data Protection Regulation
incident response
The Forum of Incident Response and Security Teams (FIRST) invited me to write a piece on how GDPR affects security and incident response. Summary: it makes them pretty much essential :)
Read more
8 December 2017 at 11:12am

Article 29 WP draft on Automated Processing

Andrew Cormack
Data Protection Regulation
GDPRprocess
The Article 29 Working Party have conducted a brief consultation on draft guidance on Automated Processing that, surprisingly, reverses all previous legal interpretations I've found. GDPR Article 22 is one of several that begin "The data subject shall have the right", in this case:
Read more
4 December 2017 at 10:25am

Implementing the GDPR

Andrew Cormack
Data Protection Regulation
GDPRprocess
Last week I spoke at the UCISA CISG-PCMG conference on some of the tools we have been using within Jisc to apply the requirements of the GDPR. UCISA has now published a recording of the session, as well as a copy of my slides.
Read more
Subscribe to Data Protection Regulation