Data Protection Regulation

3 May 2019 at 10:16am
While colleagues are looking at whether data can be used to pick up early signs of mental health and wellbeing problems, I'm exploring possible legal frameworks for doing that safely. As the diagram shows, trying to deliver an early warning service to all students falls into a gap between three reasonably familiar areas of data protection law:
18 April 2019 at 8:48am
In data protection circles, the phrase "Safe Harbour" doesn't have a great reputation. Wikipedia describes those as setting hard boundaries around an area where "a vaguer, overall standard" applies. Famously, in 2015, the European Court of Justice struck down the data protection Safe Harbor arrangement negotiated between the European Commission and the US Government.
4 April 2019 at 11:55am
[Re-purposing an unused introduction to my full paper - "See no... Hear no... Track no..: Ethics and the Intelligent Campus" - that was published in the Journal of Information Rights, Policy and Practice this week]
22 March 2019 at 10:18am
To my ex-programmer ears, phrases like "web 2.0" and "industry 4.0" always sound a bit odd. Sectors don’t have release dates, unlike Windows 10, iOS 12 or Android Oreo. Oddly, one field that does have major version releases is the law: it would be quite reasonable to view 25th May 2018 as the launch of Data Protection 3.0 in the UK. Looking at past release cycles, it seems likely to be fifteen to twenty years before we see version 4.0.
11 February 2019 at 8:02pm
In a workshop at last week's AMOSSHE conference, we discussed how wellbeing analytics might be able to assist existing Student Support services.
31 January 2019 at 3:03pm
Shortly after we did out first Data Protection Impact Assessments, on the Janet Security Operations Centre and the Jisc Learning Analytics Service, the ICO published its
28 January 2019 at 3:18pm
Incident response teams often share information when investigating incidents. Some patterns may only become apparent when data from different networks are compared; other teams may have skills – such as analysing malware – to understand data in ways we cannot. Since much of this information includes IP or email addresses - information classed as Personal under data protection law - concerns have arisen that attackers might be able to use the law to frustrate this sharing.
14 January 2019 at 10:00am
Under current plans the UK will become - for data protection purposes - a "third country" when it leaves the EU.
12 December 2018 at 1:34pm
With the GDPR having now been in force for more than six months, my talk at this week's EUNIS workshop looked at some of the less familiar corners of the GDPR map. In particular, since EUNIS provided an international audience, I was looking for opportunities to find common, or at least compatible, approaches across the international endeavours of education and research. Topics covered: What is a University? Network and Information Security; Research; Learning Analytics; Intelligent Campus; and Wellbeing.
19 November 2018 at 2:34pm
I've been asked a number of times whether GDPR affects the sharing of information between incident response teams. This slideset discusses how GDPR encourages sharing to improve security, and provides a rule of thumb for deciding when the benefit of sharing justifies the data protection risk.
Subscribe to Data Protection Regulation