Category Archives: Security

Data retention / Human rights / Intelligence and security agencies / interception / Jurisdiction / mass surveillance / national security / Security / terrorism

Questions on UK bulk communications data capabilities referred to the EU Court of Justice

Posted on by 1 Comment

The validity of EU Member State legislation to collect and analyse bulk communications (meta)data about us by the security agencies continues to be vexed by questions over the application of EU privacy law requirements The UK Investigatory Powers Tribunal (IPT) has this month referred questions to the EU Court of Justice (CJEU) in a decision … Continue reading

Data retention / Data transfer / Human rights / Law enforcement / safe harbour / Security / Surveillance

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

Posted on by Leave a comment

We’ve heard it before, and we’ll hear it again… ‘How can interference with fundamental EU rights to privacy and personal data protection be justified when it comes to mass-automated data processing?’ In other words, to what extent will the EU Charter of Fundamental Rights keep this international agreement grounded before it can take flight? Earlier … Continue reading

Cybersecurity / Intelligence and security agencies / Jurisdiction / Security

New EU Cyber Security Directive enters into force, alongside new US Cyber Incident Coordination Directive

Posted on by Leave a comment

Cyber threats know no borders even if the law does…so how are cyber policies evolving in 2016 to deal with the increasing complexity and scale of cyber-incidents now faced by countries, businesses, and individuals? As anticipated in my post from January this year, a bolstering of cyber security legislation is squarely on the legislative and … Continue reading

Data protection / Law enforcement / Security / Surveillance / terrorism

New Air Passenger Data Processing Rules to Apply from 2018

Posted on by Leave a comment

Ready, steady, go… Clock countdown formally starts for the reform of three major pieces of EU data legislation! It’s finally final – three separate pieces of data privacy-related legislation in the EU will be coming into effect soon: As anticipated by Sophie last month here, the final version of the General Data Protection Regulation (GDPR) … Continue reading

Data retention / interception / Security / Surveillance

UK Codes of Practice Enacted to Develop Regulation of State Surveillance Powers

Posted on by Leave a comment

Law and policy regarding the capture of communications data continues to dominate the headlines for 2016 The European Data Protection Day, and the equivalent US/Canadian Data Privacy Day, coincided last week on 28 January. Their purpose – this year in the 10th edition of their kind, corresponding to the anniversary of the opening for signature … Continue reading

Security / Surveillance / terrorism

EU Parliament agrees to commence finalising the Passenger Name Record Directive in light of added data protection safeguards

Posted on by 1 Comment

Questions asked about the necessity and proportionality of yet another state scheme authorising the bulk sharing of personal data, and its storage, for risk assessment purposes – Will the EU get it right this time? In light of the growing threat posed by Islamic State militants, the issue of the EU air travel industry’s passenger … Continue reading

Data retention / Internet intermediaries / Law enforcement / Security

The potential impact of the Counter Terrorism and Security Bill on the Data Retention and Investigatory Powers Act 2014

Posted on by 3 Comments

Small drips but when might the floodgates open? – UK public telecoms to retain more types of communications data in the future Further to Sophie’s post last week on the potential impact of the Counter Terrorism and Security Bill (‘CTSB’) proposed last month by the UK government, one of our research colleagues at the University … Continue reading

Security

Government concerns over vulnerabilities in data security chains

Posted on by Leave a comment

‘Contractors – You are the Weakest Link!’ This week, a US government contractor released a statement regarding the latest in a line of security breaches involving the theft of personal data of government employees from it this year. The contractor, which is active in carrying out employee background security checks on behalf of the US … Continue reading

Breach notification / Data protection / Privacy / Privacy impact assessment / Security

‘Nothing is agreed until everything is agreed’… but still a new version of Chapter IV of the proposed General Data Protection Regulation has been released!

Posted on by Leave a comment

The Council of the European Union has agreed on a “partial general approach” when reviewing specific aspects of the proposed General Data Protection Regulation (GDPR) in a note issued on the 3rd of October 2014 for publication in the Council Register. In particular, the note contains a revised version of the draft text of Chapter … Continue reading

Internet intermediaries / Security

On malicious webpages, hosting providers… and the myth of technological neutrality!

Posted on by 3 Comments

In an article covering the issue of malicious webpages and what techies call ‘drive-by-downloads’, Huw Fryer, Tim Chown and myself suggest that one solution might lie in the imposition upon hosting providers of precautionary duties involving the systematic scanning of the websites they host on their platforms. [The article will be published soon but is … Continue reading