Compliance with governmental requests for information raise a minefield of different laws, but data protection/privacy rights hold special pitfalls Determining when the sharing of personal data is legal can be a complicated exercise. Yet, the impetus for governmental agencies to collect and share more and more information is at an unprecedented high. In the EU, … Continue reading
Author Archives: Alison Knight
New EU Cyber Security Directive enters into force, alongside new US Cyber Incident Coordination Directive
Cyber threats know no borders even if the law does…so how are cyber policies evolving in 2016 to deal with the increasing complexity and scale of cyber-incidents now faced by countries, businesses, and individuals? As anticipated in my post from January this year, a bolstering of cyber security legislation is squarely on the legislative and … Continue reading
EU Approves ‘Privacy Shield’ Safe Framework for Trans-Atlantic Personal Data Transfers
Privacy shields doubling as privacy swords? … While “the best defence” may also make a “good offence” (or, “offense”, as our US counterparts would call it), first you need to be confident that your defence strategy works! Last Friday, a statement was made by EU Vice-President Ansip and Justice Commissioner Vera Jourová announcing the adoption … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Internet intermediaries / metadata / pseudonymisation / Risk-based approach / Surveillance
Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)
“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Geo-location data / Personal data / Privacy / Privacy impact assessment / pseudonymisation
Location Data and Making Sense of the Goldilocks Paradox of Legal Anonymisation (too much, too little or just right…?)
Collect, delete, repeat …. From ‘Where I am’ to ‘Who I am’, and back again? To pick up the thread from my previous posts on the topic of location data here and here, this final piece in the set returns to the first theme I discussed. This relates to the legal debate over when location … Continue reading
Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance
Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading
New Air Passenger Data Processing Rules to Apply from 2018
Ready, steady, go… Clock countdown formally starts for the reform of three major pieces of EU data legislation! It’s finally final – three separate pieces of data privacy-related legislation in the EU will be coming into effect soon: As anticipated by Sophie last month here, the final version of the General Data Protection Regulation (GDPR) … Continue reading
Latest Policy Guidance Published on Data Protection and Location Analytics Data
‘We Know Where You Are’ to ‘We Know Who You Are’ … How far are the risks involved with processing information collected from geo-location technologies alleviated by data protection rules? With the wide uptake of smart mobile devices and the rapid development of location-based apps and services, all kinds of geographic information about us are … Continue reading
EU Commission publishes Legal Texts of New ‘Privacy Shield’ Framework for Trans-Atlantic Data Transfers
…But, will the highly anticipated EU-US ‘Privacy Shield’ live up to its super-hero billing? Last month proved to be a particularly busy time for data protection news. First, the Council of the EU adopted a political agreement on the texts that will form part of the new Data Protection Reform Package. Also hitting headlines was … Continue reading
UK Codes of Practice Enacted to Develop Regulation of State Surveillance Powers
Law and policy regarding the capture of communications data continues to dominate the headlines for 2016 The European Data Protection Day, and the equivalent US/Canadian Data Privacy Day, coincided last week on 28 January. Their purpose – this year in the 10th edition of their kind, corresponding to the anniversary of the opening for signature … Continue reading