Data Protection Regulation

19 November 2012 at 6:26pm

EU DP Supervisor on Cloud Computing

Andrew Cormack
Cloud computing
Data Protection Directive
Data Protection Regulation
A new Opinion of the EU Data Protection Supervisor discusses some of the problems in applying the current Data Protection Directive to public cloud services, and how these might be done better under the proposed Data Protection Regulation. Particular challenges include
Read more
13 November 2012 at 4:43pm

Legal issues in dealing with Botnets

Andrew Cormack
Botnets
Data Protection Regulation
CSIRT
ePrivacy Directive
incident response
malware
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack.
Read more
2 November 2012 at 12:00pm

Justice Committee: "Back to the drawing board" on Data Protection Regulation

Andrew Cormack
Data Protection Regulation
Data Protection Directive
The House of Commons' Justice Committee has published a critical report on the European Commission's proposals for a new Data Protection Regulation and Directive.
Read more
4 October 2012 at 6:52pm

Information Commissioner Guide to Cloud Computing

Andrew Cormack
Cloud computing
Data Protection Regulation
Privacy
The Information Commissioner has published new Guidance on the Use of Cloud Computing for organisations who are, or are considering, using cloud services to process personal data. The benefits of clouds are recognised: these may include “increased security, reliability and resilience for a potentially lower cost”. However cloud customer organisations may also “encounter risks to data protection that they were previously unaware of”.
Read more
28 September 2012 at 6:56am

Progress on a European approach to Cloud Computing

Andrew Cormack
Cloud computing
Data Protection Directive
Data Protection Regulation
The ASPIRE study on the future of National Research and Education Networks calls for European NRENs to work together on a common approach to cloud computing.
Read more
20 September 2012 at 12:15pm

ENISA on cyber incident reporting

Andrew Cormack
Breach Notification
Data Protection Regulation
ePrivacy Directive
incident response
eSignature Directive
ENISA have  published an interesting report on cyber incident reporting. Their scope is wide – incidents range from the failure of a certificate agency to storms creating widespread power (and therefore connectivity) outages.
Read more
17 September 2012 at 9:34am

Cooperation between CERTs and Law Enforcement

Andrew Cormack
incident response
Cybercrime
Data Protection Regulation
I participated in an interesting discussion last week at ENISA’s Expert Group on Barriers to Cooperation between CERTs and Law Enforcement. Such cooperation seems most likely to occur with national/governmental CERTs but I’ve been keen to avoid recommendations that they be given special treatment, not least because of the risk that such treatment might actually create barriers between them and other CERTs.
Read more

VO Architecure Middleware Planning (VAMP)

Andrew Cormack
25 July 2012 at 9:13am
Access Management
Data Protection Regulation
I'll be talking about the legal framework that might provide a home for complex middleware relationships. For some reason I agreed to the title "Here be VAMPires" ;-)
Read more
18 July 2012 at 5:37pm

Pseudonymous Identifiers and the DP Regulation

Andrew Cormack
Access Management
Data Protection Regulation
Statewatch have published what appears to be a document from the Council of (European) Ministers containing comments on the proposed Data Protection Regulation. It’s interesting to see that there seems at last to be a recognition that the current legal treatment of indirectly linked identifiers is unsatisfactory.
Read more
10 July 2012 at 10:06am

Hacking the law for Federated Access Management

Andrew Cormack
Access Management
Data Protection Regulation
One definition of a “hacker”, according to Wikipedia, is someone “who makes innovative customizations or combinations of retail electronic and computer equipment”. I was recently asked by TERENA to have a think about the legal issues around using federated access management to control access to resources in eResearch. This has quickly come to feel like hacking (in that sense) the law: making it do something it didn’t know it was capable of...
Read more
Subscribe to Data Protection Regulation