ePrivacy Regulation

5 March 2020 at 10:09am

ePrivacy Regulation: more support for information sharing

Andrew Cormack
incident response
Data Protection Regulation
ePrivacy Regulation
The latest text in the long-running saga of the draft ePrivacy Regulation contains further reassuring indicators for incident response teams that want to share data to help others.
Read more
4 October 2018 at 1:20pm

ePrivacy Regulation: better news for online security

Andrew Cormack
ePrivacy Regulation
incident response
Some good news from the draft ePrivacy Regulation.
Read more
16 August 2018 at 9:05am

Progress Report: ePrivacy Regulation

Andrew Cormack
ePrivacy Regulation
Data Protection Regulation
Cookies
Alongside the 1995 Data Protection Directive (DPD) sat the 2002 ePrivacy Directive (ePD), explaining how the DPD should be applied in the specific context of electronic communications.
Read more
19 April 2017 at 9:36am

Article 29 Working Party support security and incident response

Andrew Cormack
ePrivacy Regulation
incident response
GDPRdevelopment
Having had my own concerns that the European Commission's draft e-Privacy Regulation might prevent some activities that are needed by security and incident response teams, it's very reassuring to see the Article 29 Working Party recommending an explicit broadening of the scope of permitted Network and Information Security (NIS) activities.
Read more
5 May 2017 at 8:48am

GDPR: Alumni processes

Andrew Cormack
Data Protection Regulation
ePrivacy Regulation
Alumni
GDPRtopics
Most universities maintain databases of alumni, for purposes including keeping them informed about the organisation, offering services and seeking donations. These activities have a lot in common with other charities, so the Information Commissioner's guidance is relevant.
Read more
19 April 2017 at 9:42am

ePrivacy Regulation: a risk for website security?

Andrew Cormack
ePrivacy Regulation
incident response
GDPRdevelopment
Last October the European Court of Justice confirmed that websites do have a legitimate interest in security that may justify the processing of personal data. That case (Breyer) overruled a German law that said websites could only process personal data for the purpose of delivering the pages requested by users. As far as I know, everywhere else in Europe the use of logs to secure websites is accepted as lawful.
Read more
Subscribe to ePrivacy Regulation