EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling

Posted on November 10, 2017 by Alison Knight • Leave a comment

“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading →

content regulation / Copyright / Data protection / filtering / freedom of expression / Human rights / illegal content / Internet intermediaries / notice-and-action / notice-and-take down / online platforms

Data Protection and Copyright: Could Art. 29 WP guidance on automated decision-making “help” with filters?

Posted on October 30, 2017 by Sophie Stalla-Bourdillon • 9 Comments

In its own way, the pan-EU Article 29 Data Protection Working Party (Art. 29 WP) has been very active in the past few months. One of the most awaited piece of advice released by Art. 29 WP this month covers automated individual decision-making and profiling for the purposes of Regulation 2016/679 (Opinion WP 251). Why … Continue reading →

Data protection / General Data Protection Regulation / ICO / misuse of private information

The GDPR, the parallel regime and the ICO

Posted on June 15, 2017 by Sophie Stalla-Bourdillon • 2 Comments

The General Data Protection Regulation (GDPR) will be applicable in less than a year, and experts are still discussing the extent to which the new regulation will have a significant impact upon the ‘legal basis’ requirement. However, as Bob Miller suggests in this guest blog post, it might not be enough to read and re-read … Continue reading →

General Data Protection Regulation / illegal content / Internet intermediaries / Legitimate interest / Personal data

The CJEU and the concept of ‘legitimate interest’: The case of Rīgas satiksme

Posted on May 9, 2017 by Sophie Stalla-Bourdillon • 1 Comment

The Court of Justice of the European Union (CJEU) delivered its awaited judgment on 4 May in the case Valsts policijas Rīgas reģiona pārvaldes Kārtības policijas pārvalde v Rīgas pašvaldības SIA ‘Rīgas satiksme’, answering two related questions: ‘(1) Must the phrase ‘is necessary for the purposes of the legitimate interests pursued by the … third party … Continue reading →

big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Posted on April 18, 2017 by Alison Knight • Leave a comment

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading →

content regulation / Copyright / Data protection / General Data Protection Regulation / immunities / Internet intermediaries / ISPs / Right to be forgotten

The GDPR, the proposed Copyright Directive and intermediary liability: one more time!

Posted on March 5, 2017 by Sophie Stalla-Bourdillon • 11 Comments

A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading →

Access to data / anonymisation / Data protection / Data transfer / de-identification / General Data Protection Regulation / pseudonymisation / Risk-based approach

A call for a common techno-legal language to speak about anonymisation, pseudonymisation, de-identification… Could this be one of the biggest challenges brought about by the GDPR?

Posted on November 9, 2016 by Sophie Stalla-Bourdillon • 1 Comment

The General Data Protection Regulation (GDPR) will be applicable in less than two years and lawyers as well as others are trying to grapple with definitional issues. The graduated approach that would have meant alleviating the regime of certain categories of data such as pseudonymised data (e.g. by eliminating the need to comply with … Continue reading →

anonymisation / big data / Data protection / General Data Protection Regulation / ICO / Personal data / Privacy / pseudonymisation / research / Risk-based approach / sensitive data

The First-Tier Tribunal and the anonymisation of clinical trial data: a reasoned expression of Englishness…. which would have to be abandoned with the GDPR?

Posted on September 19, 2016 by Sophie Stalla-Bourdillon • 1 Comment

The Queen Mary University of London v (1) The Information Commissioner and (2) Alem Matthees, EA/2015/0269 case decided by the First-Tier Tribunal (Information Rights) (FTT(IR)) on 12 August 2016 is a fascinating decision. [Could it be a stylish expression of Englishness…. or otherness?] The case-facts concern a freedom of information request for clinical trial patient data … Continue reading →

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: