Data Protection Regulation

6 July 2012 at 11:54am

Clouds and Law: Work to Do

Andrew Cormack
Cloud computing
Data Protection Regulation
Privacy
A new Opinion on Cloud Computing from the Article 29 Working Party highlights a number of difficulties in applying current data protection law to the cloud computing model and suggests that changes are needed both to cloud contracts and to European law. The main concerns are over lack of control by the client using the service and lack of information about what the service will involve.
Read more
4 July 2012 at 9:42am

Article 29 Working Party hints at new approach to Cloud

Andrew Cormack
Data Protection Regulation
Cloud computing
Data Protection Directive
The Article 29 Working Party have published an interesting toolbox for Binding Corporate Rules (BCR) for Data Processors. BCRs for Data Controllers have been suggested for some time as a way that large multi-national companies can comply with European Data Protection law.
Read more
13 August 2012 at 10:59am

MoJ Summary of Data Protection Responses

Andrew Cormack
Access Management
Breach Notification
Data Protection Regulation
Privacy
incident response
Cloud computing
The Ministry of Justice have published a summary of the responses to their consultation on European Data Protection proposals. On the issues we raised around Internet Identifiers, Breach Notification and Cloud Computing there seems to be general agreement with our concerns.
Read more

2012 - Ministry of Justice call for evidence on EU Data Protection Proposals

Andrew Cormack
Thursday, June 28, 2012 - 13:39
Data Protection Regulation
Privacy
incident response
Cloud computing
Breach Notification
This is Janet’s response to the Ministry of Justice call for evidence on the European Commission’s data protection proposals. The JNT Association, trading as Janet, is the non-profit company limited by guarantee that operates the Janet network connecting education and research organisations in the UK to each other and to the Internet.
Read more

2010 - Ministry of Justice call for evidence on current data protection framework

Andrew Cormack
Thursday, June 28, 2012 - 13:36
Data Protection Directive
Data Protection Regulation
Privacy
This is JANET(UK)’s response to the Ministry of Justice Call for Evidence on the Current Data Protection Legislative Framework. JANET(UK) is the operator of the UK’s publicly-funded National Research and Education Network, JANET, which connects universities, colleges, research organisations and regional schools networks to each other and to the Internet.
Read more

Data Protection

Andrew Cormack
Thursday, June 28, 2012 - 13:35
Data Protection Directive
Data Protection Regulation
Privacy
Various consultations relate to the European Data Protection Directive and its implementation
Read more
30 May 2012 at 10:45pm

TERENA Trusted Cloud Drive Pilot

Andrew Cormack
Cloud computing
Privacy
Data Protection Regulation
[This article was originally written for the TERENA Conference blog]
Read more
6 June 2012 at 11:48am

Consent - the last resort?

Andrew Cormack
Access Management
Data Protection Directive
Data Protection Regulation
I did a presentation at the EEMA eID Interoperability conference last month on alternatives to "consent" in federated access management. At the moment consent seems to be the most often cited justification for processing personal data – websites frequently say that "by using this site you consent to...".
Read more
6 June 2012 at 11:21am

US Consumer Privacy Bill of Rights

Andrew Cormack
Data Protection Regulation
Privacy
Having been studying Europe’s proposed Data Protection revision for several weeks, it’s interesting to compare it with the proposed Consumer Privacy Bill of Rights recently published by the White House.
Read more
6 June 2012 at 11:21am

Clouds and law enforcement access

Andrew Cormack
Cloud computing
Data Protection Directive
Data Protection Regulation
When talking about use of cloud services an issue that often comes up is whether the ability of foreign law enforcement services to access data makes it illegal to use a service in that country. The law that’s most often mentioned is the USA PATRIOT Act, but plenty of other countries (including the UK and others in Europe) give their law enforcement agencies powers to access material that’s either accessible from computers in those countries or crosses their networks.
Read more
Subscribe to Data Protection Regulation