The GDPR, the parallel regime and the ICO

Posted on June 15, 2017 by Sophie Stalla-Bourdillon • 2 Comments

The General Data Protection Regulation (GDPR) will be applicable in less than a year, and experts are still discussing the extent to which the new regulation will have a significant impact upon the ‘legal basis’ requirement. However, as Bob Miller suggests in this guest blog post, it might not be enough to read and re-read … Continue reading →

Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data

ICO Requests Feedback on New Data Protection Profiling Provisions

Posted on April 10, 2017 by Alison Knight • 1 Comment

If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading →

anonymisation / big data / Data protection / General Data Protection Regulation / ICO / Personal data / Privacy / pseudonymisation / research / Risk-based approach / sensitive data

The First-Tier Tribunal and the anonymisation of clinical trial data: a reasoned expression of Englishness…. which would have to be abandoned with the GDPR?

Posted on September 19, 2016 by Sophie Stalla-Bourdillon • 1 Comment

The Queen Mary University of London v (1) The Information Commissioner and (2) Alem Matthees, EA/2015/0269 case decided by the First-Tier Tribunal (Information Rights) (FTT(IR)) on 12 August 2016 is a fascinating decision. [Could it be a stylish expression of Englishness…. or otherness?] The case-facts concern a freedom of information request for clinical trial patient data … Continue reading →

anonymisation / big data / Data protection / data protection agencies / European Data Protection Supervisor / General Data Protection Regulation / ICO / Privacy / pseudonymisation / Risk-based approach

The GDPR and the biggest mess of all: why accurate legal definitions really matter….

Posted on April 12, 2016 by Sophie Stalla-Bourdillon • 9 Comments

Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading →

Data protection / ICO / metadata / Personal data

ICO issues guidance on when and how to remove personal data “safely” from disclosable information to avoid breaching data protection rules

Posted on November 2, 2015 by Alison Knight • 1 Comment

To be identifiable or not to be identifiable – to what extent do our identities merit concealment through law in light of the capabilities of modern technologies? The UK Information Commissioner’s Office (ICO) has recently published guidance on what to do when handling requests for information in respect of which personal data must first be … Continue reading →

Data protection / ICO

ICO Sets Precedent in Data Protection Ruling on Special Purposes Exemption

Posted on January 19, 2015 by Alison Knight • Leave a comment

Turning a new page on data protection in 2015 – ICO confirms that the definition of ‘journalism’ should be interpreted broadly The UK Information Commissioner’s Office (ICO) has been busy over the last month on data protection matters. This week, we heard news that the ICO has been carrying out some New Year reorganisation of … Continue reading →