The Data Protection and Digital Information (No. 2) Bill (DPDIB) has been introduced to Parliament on the 8th of March 2023. It is not a complete revamp of the first Data Protection and Digital Information Bill, but this time the intention is firm. The Department of Science, Innovation and Technology (DSIT) is determined to have … Continue reading
Tag Archives: personal data
Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law
Exam scripts are personal data, says the AG, when the purpose it is to identify and record the performance of a particular individual; but that doesn’t mean you can go back and change your answers! On 20 July 2017, the EU Court of Justice’s Advocate General (AG) Kokott delivered her opinion in Peter Nowak v … Continue reading
Anonymisation, pseudonymisation, WiFi tracking and the French: the JCDecaux case
The topic of ‘anonymisation’ has already been covered several times on the blog (see e.g. here, here, and here). We even have a new research paper (‘Anonymous Data v. Personal Data — A False Debate: An EU Perspective on Anonymization, Pseudonymization and Personal Data’) recently published in the Wisconsin International Law Journal on this issue … Continue reading
Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data
ICO Requests Feedback on New Data Protection Profiling Provisions
If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading
Access to data / anonymisation / Data protection / Data transfer / de-identification / General Data Protection Regulation / pseudonymisation / Risk-based approach
A call for a common techno-legal language to speak about anonymisation, pseudonymisation, de-identification… Could this be one of the biggest challenges brought about by the GDPR?
The General Data Protection Regulation (GDPR) will be applicable in less than two years and lawyers as well as others are trying to grapple with definitional issues. The graduated approach that would have meant alleviating the regime of certain categories of data such as pseudonymised data (e.g. by eliminating the need to comply with … Continue reading
CJEU in Breyer: Dynamic IP addresses will (very?) often be personal data and German Law is too restrictive! Okay but how shall we care about voluntary and systematic retention of logs?
And here is delivered by the Court of Justice of the European Union (CJEU) another landmark judgment: C‑582/14 Breyer v Bundesrepublik Deutschland concerning the proper characterisation of IP addresses and the compatibility of German national law with Article 7(f) of the Data Protection Directive (DPD). The judgement is not available in English yet, but … Continue reading
New UK Decisions on the Data Protection Implications of Information Sharing with Law Enforcement
Compliance with governmental requests for information raise a minefield of different laws, but data protection/privacy rights hold special pitfalls Determining when the sharing of personal data is legal can be a complicated exercise. Yet, the impetus for governmental agencies to collect and share more and more information is at an unprecedented high. In the EU, … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Internet intermediaries / metadata / pseudonymisation / Risk-based approach / Surveillance
Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)
“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Geo-location data / Personal data / Privacy / Privacy impact assessment / pseudonymisation
Location Data and Making Sense of the Goldilocks Paradox of Legal Anonymisation (too much, too little or just right…?)
Collect, delete, repeat …. From ‘Where I am’ to ‘Who I am’, and back again? To pick up the thread from my previous posts on the topic of location data here and here, this final piece in the set returns to the first theme I discussed. This relates to the legal debate over when location … Continue reading
Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance
Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading