The Data Protection and Digital Information (No. 2) Bill (DPDIB) has been introduced to Parliament on the 8th of March 2023. It is not a complete revamp of the first Data Protection and Digital Information Bill, but this time the intention is firm. The Department of Science, Innovation and Technology (DSIT) is determined to have … Continue reading
Category Archives: pseudonymisation
big data / Consumer data / GDPR / Legitimate interest / metadata / Privacy impact assessment / pseudonymisation
EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling
“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading
Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data
ICO Requests Feedback on New Data Protection Profiling Provisions
If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading
Access to data / anonymisation / Data protection / Data transfer / de-identification / General Data Protection Regulation / pseudonymisation / Risk-based approach
A call for a common techno-legal language to speak about anonymisation, pseudonymisation, de-identification… Could this be one of the biggest challenges brought about by the GDPR?
The General Data Protection Regulation (GDPR) will be applicable in less than two years and lawyers as well as others are trying to grapple with definitional issues. The graduated approach that would have meant alleviating the regime of certain categories of data such as pseudonymised data (e.g. by eliminating the need to comply with … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / ICO / Personal data / Privacy / pseudonymisation / research / Risk-based approach / sensitive data
The First-Tier Tribunal and the anonymisation of clinical trial data: a reasoned expression of Englishness…. which would have to be abandoned with the GDPR?
The Queen Mary University of London v (1) The Information Commissioner and (2) Alem Matthees, EA/2015/0269 case decided by the First-Tier Tribunal (Information Rights) (FTT(IR)) on 12 August 2016 is a fascinating decision. [Could it be a stylish expression of Englishness…. or otherness?] The case-facts concern a freedom of information request for clinical trial patient data … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Internet intermediaries / metadata / pseudonymisation / Risk-based approach / Surveillance
Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)
“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Geo-location data / Personal data / Privacy / Privacy impact assessment / pseudonymisation
Location Data and Making Sense of the Goldilocks Paradox of Legal Anonymisation (too much, too little or just right…?)
Collect, delete, repeat …. From ‘Where I am’ to ‘Who I am’, and back again? To pick up the thread from my previous posts on the topic of location data here and here, this final piece in the set returns to the first theme I discussed. This relates to the legal debate over when location … Continue reading
anonymisation / big data / Data protection / data protection agencies / European Data Protection Supervisor / General Data Protection Regulation / ICO / Privacy / pseudonymisation / Risk-based approach
The GDPR and the biggest mess of all: why accurate legal definitions really matter….
Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Personal data / pseudonymisation / research / sensitive data
What does the agreed version of the GDPR say about processing personal data for research purposes? Is the GDPR better than the Directive?
What does the agreed version of the GDPR say about processing personal data for research purposes? Is the GDPD better than the Directive? So here we are. It’s almost Christmas and after three years of intense debate the Council of the European Union and the European Parliament have announced that they have informally agreed on … Continue reading
Council reaches general agreement on proposed Data Protection Regulation, but disagreements remain in view
‘A single road ahead or cross-roads reached?’ – Is the aim of EU harmonisation of data protection rules disappearing out of sight? On 15 June, the Council of the EU announced that it had agreed a general approach to the draft Regulation on the protection of individuals with regard to the processing of personal data … Continue reading