Data Protection Regulation

6 June 2012 at 10:39am

EC seeks extra-territorial Data Protection

Andrew Cormack
Data Protection Regulation
In a speech last week, European Commissioner Viviane Reding said that in future European Data Protection regulations must apply to "any company operating in the EU market or any online product that is targeted at EU consumers", even if the organisation providing the service is not based in Europe.
Read more
6 June 2012 at 10:36am

Council of Ministers on DP Revision

Andrew Cormack
Cloud computing
Data Protection Regulation
Privacy
The European Council of Ministers has published a contribution to the revision of the Data Protection Directive.
Read more
6 June 2012 at 10:34am

MoJ Data Protection Response

Andrew Cormack
Access Management
Data Protection Regulation
Privacy
An interesting morning yesterday at the launch of the Ministry of Justice's Response to the Call for Evidence on the Current Data Protection Legislative Framework.
Read more
6 June 2012 at 10:28am

EC Responds on Data Protection Consultation

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
The European Commission has published its response to last year's consultation on revising European Data Protection legislation, in particular Directive 95/46/EC.
Read more
4 July 2012 at 4:46pm

MoJ: Data Protection Law

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
The Ministry of Justice has been seeking evidence to inform its input into the ongoing revision of the European Data Protection Directive (95/46/EC).
Read more
6 June 2012 at 10:21am

Data Protection Revision Delayed

Andrew Cormack
Data Protection Regulation
Privacy
An interesting report from the French data protection authority (CNIL) that the European Commissioner has announced a delay in the proposed revision of the European Data Protection Directive 95/46/EC. Rather than publishing a draft Directive later this year, it seems that the plan is now to publish a report this autumn with the draft expected in November next year.
Read more
6 June 2012 at 10:19am

Data Protection Directive Meeting

Andrew Cormack
Access Management
Data Protection Regulation
Privacy
I had an interesting day in Brussels yesterday, providing input for the Commission's revision of the 1995 Data Protection Directive. Invitations had been sent to those who responded to the consultation last year, so a wide variety of organisations were present, including banking, marketing, medical, consumer rights, content industries and telecommunications operators.
Read more
6 June 2012 at 10:18am

Pseudonymous Identifiers and the Law

Andrew Cormack
Access Management
Data Protection Act
Data Protection Regulation
Privacy
For a while I've been trying to understand how pseudonymous identifiers, such as IP addresses and the TargetedID value used in Federated Access Management, fit into privacy law. In most cases the organisation that issues such identifiers can link them to the people who use them, but other organisations who receive the identifiers can't. Indeed Access Management federations spend a lot of effort to make it as difficult as possible for the link to be made, using both technical and legal means to protect the privacy of users.
Read more
6 June 2012 at 10:16am

Thoughts on Data Breach Notification

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
ePrivacy Directive
Regulators and governments are moving towards creating a requirement that anyone who suffers a security breach affecting personal data would have to report it.
Read more
6 June 2012 at 10:10am

IP Addresses and Data Protection

Andrew Cormack
Access Management
Data Protection Regulation
Privacy
copyright
incident response
An Occasionally Asked Question (an OAQ?) is "are IP addresses personal data?". That question is probably too broad to ever get a simple answer, but a recent decision by the Irish High Court  (EMI Records & Others v Eircom Ltd [2010] IEHC 108) has at least answered the related question "are logs indexed by IP address always personal data?".
Read more
Subscribe to Data Protection Regulation