Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Safe Harbor: Advice Postponed

Friday, February 12, 2016 - 09:29

The Article 29 Working Party of European data protection supervisors had hoped to make a full statement on the EU/US Safe Harbor agreement at the end of January. However this has now been postponed, probably until mid-April. The European Court of Justice declared last October that the original Safe Harbor did not guarantee adequate protection when personal data were transferred from Europe to the USA. On 2nd February the European Commission announced a Privacy Shield agreement to replace Safe Harbor. The Article 29 Working Party will now review the Privacy Shield alongside other arrangements for exporting personal data from the EU.

Although this extends the period of legal uncertainty, the UK Information Commissioner’s interim guidance notes that "there is no new and immediate threat to individuals' personal data that has suddenly arisen" and that organisations and individuals should not panic.

The first thing for businesses to do is take stock. Ask yourself what personal data are you transferring outside the EU, where is it going to, and what arrangements have you made to ensure that it is adequately protected. Then look at whether these arrangements are the most appropriate ones, taking into account the ICO’s guidance on international transfers.

Specifically on cloud computing, the ICO

expect that many cloud service providers wishing to provide services in Europe will be carrying out reviews of their contractual arrangements and the mechanisms underpinning any transfers of personal data from Europe in order to guarantee EU data protection standards for data in the cloud.

Jisc is continuing to work with cloud providers and their research and education customers to help them to do that. Information about developments is available from the cloud service groups on Jisc Community.