Privacy

Federated access management can make things nice and simple for both the user and the service they are accessing. By logging in to their home organisation the user can have that organisation release relevant information to the service - "I am a student", "this is my e-mail address" and so on. And because that information comes from the organisation, the service is likely to consider it more reliable than information self-asserted by the individual user (especially if being a student entitles you to benefits such as site licences, reduced prices, etc.).

Europe and the USA are often seen as having very different approaches to personal data: Europe has an over-arching law covering all personal data, the US has some specific laws on particular uses of personal data. One area that is covered by US legislation is the use by universities and colleges of information about their students; since there is increasing exchange of both students and their data across the Atlantic, it seemed worth spending a bit of my time to compare the two laws.

The law graduate in me having gone to lie down with a headache from trying to understand the implications of the new UK cookie law, the maths graduate is having a look at it. So the following bears no relation to legal thinking; since it's ten years since I ran a web server it may also bear little relation to what's actually feasible! So please don't quote me in discussions of those aspects.

The Privacy and Electronic Communications (EC Directive)(Amendment) Regulations 2011 have now been published, amending the previous Privacy and Electronic Communications (EC Directive) Regulations 2003 as required by the new EC Telecommunications Directives.