Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

ICO on Safe Harbor judgment

Thursday, October 29, 2015 - 16:13

The Information Commissioner's Office has published a new article on how they are responding to the European Court's Safe Harbor judgment. The overall message is that data controllers should take stock and not panic. While noting that the judgment does remove some of the former legal certainty, the ICO is "certainly not rushing to use our enforcement powers".

There's an important reminder that the actual protection given to personal data isn't changed by the judgment – "there's no new and immediate threat". Companies that gave undertakings under the Safe Harbor principles are still required by their US regulators to stick to those undertakings. That's particularly relevant in the UK where the Information Commissioner encourages data controllers to make their own assessment of the risk of exports, rather than relying on others' decisions. Although the ICO is working on updated guidance on how to do that, "for the most part it's still valid" and the Safe Harbor undertakings can be taken into account.

While the legal position is likely to remain unclear till at least the end of January, when European regulators plan to review progress, it's good to see our regulator recognising that both data controllers and data subjects are much better served by stability than any sudden changes of direction.