Category Archives: General Data Protection Regulation

anonymisation / big data / Data protection / General Data Protection Regulation / ICO / Personal data / Privacy / pseudonymisation / research / Risk-based approach / sensitive data

The First-Tier Tribunal and the anonymisation of clinical trial data: a reasoned expression of Englishness…. which would have to be abandoned with the GDPR?

Posted on by 1 Comment

The Queen Mary University of London v (1) The Information Commissioner and (2) Alem Matthees, EA/2015/0269 case decided by the First-Tier Tribunal (Information Rights) (FTT(IR)) on 12 August 2016 is a fascinating decision. [Could it be a stylish expression of Englishness…. or otherness?] The case-facts concern a freedom of information request for clinical trial patient data … Continue reading

anonymisation / Brexit / Data protection / Data transfer / digital identity / e-government / eIDAS / General Data Protection Regulation / safe harbour

eIDAS applies from 1 July 2016: An EU dream come true after a Brexit nightmare?

Posted on by 1 Comment

  Six days after the results of the UK Brexit referendum and it is still very hard to go back to a “normal” life, especially while remaining an EU citizen living in the UK. One of the most upsetting things of the referendum, at least for lawyer, is its nonsense. This holds true in particular … Continue reading

anonymisation / big data / Data protection / General Data Protection Regulation / Internet intermediaries / metadata / pseudonymisation / Risk-based approach / Surveillance

Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)

Posted on by 1 Comment

“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading

anonymisation / big data / Data protection / General Data Protection Regulation / Geo-location data / Personal data / Privacy / Privacy impact assessment / pseudonymisation

Location Data and Making Sense of the Goldilocks Paradox of Legal Anonymisation (too much, too little or just right…?)

Posted on by Leave a comment

Collect, delete, repeat …. From ‘Where I am’ to ‘Who I am’, and back again? To pick up the thread from my previous posts on the topic of location data here and here, this final piece in the set returns to the first theme I discussed. This relates to the legal debate over when location … Continue reading

consent / Data protection / General Data Protection Regulation / Geo-location data / Personal data

Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance

Posted on by Leave a comment

Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading

anonymisation / big data / Data protection / data protection agencies / European Data Protection Supervisor / General Data Protection Regulation / ICO / Privacy / pseudonymisation / Risk-based approach

The GDPR and the biggest mess of all: why accurate legal definitions really matter….

Posted on by 9 Comments

Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading

Access to data / Breach notification / Data protection / Data retention / General Data Protection Regulation / Law enforcement / Personal data / Privacy / Privacy impact assessment / Surveillance

Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?

Posted on by 3 Comments

Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU  the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading

anonymisation / big data / Data protection / General Data Protection Regulation / Personal data / pseudonymisation / research / sensitive data

What does the agreed version of the GDPR say about processing personal data for research purposes? Is the GDPR better than the Directive?

Posted on by 2 Comments

What does the agreed version of the GDPR say about processing personal data for research purposes? Is the GDPD better than the Directive? So here we are. It’s almost Christmas and after three years of intense debate the Council of the European Union and the European Parliament have announced that they have informally agreed on … Continue reading

anonymisation / General Data Protection Regulation / Personal data

A German view of the Council’s proposed General Data Protection Regulation: let’s try one more time… by the way what do we do with Browser-Generated Information?

Posted on by 1 Comment

The Council of the European Union released its version of the Proposed Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or ‘GDPR’) on 11 June 2015, as mentioned by … Continue reading