EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling

Posted on November 10, 2017 by Alison Knight • Leave a comment

“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading →

Data retention / Human rights / Intelligence and security agencies / interception / Jurisdiction / mass surveillance / national security / Security / terrorism

Questions on UK bulk communications data capabilities referred to the EU Court of Justice

Posted on September 20, 2017 by Alison Knight • 1 Comment

The validity of EU Member State legislation to collect and analyse bulk communications (meta)data about us by the security agencies continues to be vexed by questions over the application of EU privacy law requirements The UK Investigatory Powers Tribunal (IPT) has this month referred questions to the EU Court of Justice (CJEU) in a decision … Continue reading →

Consumer data / Cybersecurity / Internet of Things / national security / Risk-based approach

Governments push on with Cybersecurity Law and Policy Initiatives – an Overview so far in 2017

Posted on September 11, 2017 by Alison Knight • Leave a comment

Another day, another massive personal data security breach… but how have law-makers and regulators reacted in developing cyber-security policies so far this year? This week it was reported that Equifax – the US credit bureau – suffered a giant cybersecurity breach this summer compromising the personal information (including names, social security numbers, birth dates, addresses, … Continue reading →

Human rights / mass surveillance / safe harbour / Surveillance

CJEU rules EU-Canada PNR Agreement incompatible with EU Charter rights to privacy and personal data protection

Posted on July 27, 2017 by Alison Knight • Leave a comment

EU data protection/privacy laws continue to keep this international Air Passenger data agreement ‘grounded from taking flight’, but what effect could the decision have on similar data agreements already concluded with the EU? On 26 July, the European Court of Justice (CJEU) declared that the EU-Canada Passenger Name Record (PNR) Agreement is incompatible with EU … Continue reading →

Data protection / General Data Protection Regulation / Personal data

Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law

Posted on July 27, 2017 by Alison Knight • Leave a comment

Exam scripts are personal data, says the AG, when the purpose it is to identify and record the performance of a particular individual; but that doesn’t mean you can go back and change your answers! On 20 July 2017, the EU Court of Justice’s Advocate General (AG) Kokott delivered her opinion in Peter Nowak v … Continue reading →

big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Posted on April 18, 2017 by Alison Knight • Leave a comment

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading →

Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data

ICO Requests Feedback on New Data Protection Profiling Provisions

Posted on April 10, 2017 by Alison Knight • 1 Comment

If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading →

Access to data / Consumer law / content data / content regulation / Data protection / Personal data

Data Protection Concerns raised by Proposed EU Directive on Contracts for Supply of Digital Content

Posted on March 20, 2017 by Alison Knight • Leave a comment

It may not be ‘all about the money’, but there is some ‘price tag’ often associated with what we do online…. And that’s our data! Updates on the incoming GDPR and the potential implications of the new E-Privacy Regulation dominate EU privacy and data protection discourse currently. Yet, there is another further (and potentially overlapping) … Continue reading →

Access to data / Data protection / General Data Protection Regulation / Law enforcement / Legitimate interest / Personal data / sensitive data

CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

Posted on January 28, 2017 by Alison Knight • 3 Comments

But how exactly does EU law achieve the weighing of competing legitimate interests and rights in a data protection law context? I’ve previously written (here) about the concept of legitimate interest under data protection law and how it has captured the attention of data protection agencies, as well as the EU institutions in informing the … Continue reading →

Data retention / Data transfer / Human rights / Law enforcement / safe harbour / Security / Surveillance

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

Posted on September 19, 2016 by Alison Knight • Leave a comment

We’ve heard it before, and we’ll hear it again… ‘How can interference with fundamental EU rights to privacy and personal data protection be justified when it comes to mass-automated data processing?’ In other words, to what extent will the EU Charter of Fundamental Rights keep this international agreement grounded before it can take flight? Earlier … Continue reading →

Peep Beep!

Peep Beep! (the clock that rings when they peep in!) is a blog dedicated to privacy and information law. #law #privacy #dataprotection #AI #informationsecurity. Interested in contributing? Email peepbeepteam at gmail dot com.

Author Archives: Alison Knight

Questions on UK bulk communications data capabilities referred to the EU Court of Justice

Like this:

Governments push on with Cybersecurity Law and Policy Initiatives – an Overview so far in 2017

Like this:

CJEU rules EU-Canada PNR Agreement incompatible with EU Charter rights to privacy and personal data protection

Like this:

Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law

Like this:

ICO Requests Feedback on New Data Protection Profiling Provisions

Like this:

CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

Like this:

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: