Data Protection Act

This is Jisc's response to the DMCS call for views on Derogations under the General Data Protection Regulation (GDPR)
19 April 2017 at 9:41am
Recently I've been doing some work with Niall Sclater on how education organisations might inform students about the use of learning analytics, and when they might seek students' consent. The resulting blog post is at
19 April 2017 at 9:44am
At Jisc's Learning Analytics Network meeting last month I presented an updated version of my suggested legal model for Learning Analytics.
29 July 2016 at 4:02pm
The latest announcement from the Article 29 Working Party on the US-EU Privacy Shield also suggests that there shouldn't be any short-term surprises for those using the other justifications for exporting personal data to the USA.
4 May 2016 at 3:15pm
More than a decade ago the e-Privacy Directive mentioned "location data" in the context of telecommunications services. At the time that was almost entirely about mobile phone locations - data processed by just a handful of network providers - but nowadays many more organisations are able to gather location data about wifi-enabled devices in range of their access points.
29 February 2016 at 2:40pm
The European Commission has now published draft texts that could be used to implement an EU/US Privacy Shield to replace the previous Safe Harbor agreement. It appears that the new scheme would only cover "commercial exchanges" of personal data between the EU and US so it is unlikely to be appropriate for export of personal data to US universities or non-profit organisations.
Subscribe to Data Protection Act