Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Implementing the EC telecoms framework

Wednesday, July 4, 2012 - 16:49

Earlier this year the European Community revised its regulatory framework for telecommunications networks, so the UK Government is now consulting on how to implement those changes in UK law. Although most of the changes are not relevant to JANET as a private network, I have responded in three areas:

  • Data breach notification, where the UK seems to be treating notification as a punishment - something I've considered for a while would set up a very unhelpful incentive to conceal problems rather than help people recover from them;
  • Cookies, where the UK seem to have come up with a pragmatic interpretation of what appears to be at best confusing and at worst unenforcible European drafting. Rather than websites having to seek explicit prior consent for all cookies, as some have interpreted the EC wording, the UK is now proposing that provided users are informed about the need to set cookie preferences, and enabled to do so, then sites can assume that if a user's browser will accept a cookie then the consent requirement of EC law will be satisfied;
  • Spam, where the UK Government don't seem to have noticed that the EC have fixed an eight year old loophole that makes legal protection against spam less effective than it could be. This change is particularly important for universities, colleges and other organisations where a large number of users share a single internet connection. I've been pointing out the problem to BIS and its predecessor departments for years so have now encouraged them to make the same correction to UK law.