28 October 2013 at 11:03am
A law that promotes Privacy by Design and Data Minimisation ought to encourage the use of indirectly-linked identifiers, which allow processing to be done separate from, or even without, the ability to identify the person whose information is being processed. However European Data Protection law has never really worked out what these identifiers are. The resulting regulatory uncertainty discourages the use of indirectly-linked identifiers to protect privacy and may even result in obligations that create new privacy risks.
8 October 2013 at 9:31pm
At the VAMP workshop last week I was asked to review legal developments that might affect access management federations. On the legislative side the new European Data Protection Regulation seems to be increasingly mired in politics.
15 August 2013 at 3:25pm
A recent news story reported that a small number of litter bins in London were collecting a unique identifier from passing mobile phones and using these for some sort of "footfall analysis". There doesn’t seem to be much detail about the plans: it struck me that a helpful application could perhaps be look for the same phone passing slowly and repeatedly past, and display an "are you lost?" map on the bin’s advertising screen!
25 June 2013 at 3:30pm
The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, then those laws are working directly against the privacy they are supposed to be protecting.
6 June 2013 at 4:19pm
Robin Wilton of the Internet Society gave a talk at the TERENA Networking Conference on the interaction between privacy, regulation, and innovation. It's a commonly heard claim that regulation stifles innovation; yet the evidence of premium rate phone fraud and other more or less criminal activities suggests that regulation can, in fact, stimulate innovation, though not always of the type we want.
9 June 2013 at 8:57pm
I'll be speaking about "BYOD - Capabilities and Incentives" at the Gregynog Colloquium
1 June 2013 at 3:53pm
In what sometimes seems like a polarised debate on the draft Data Protection Regulation, it’s good to see the Article 29 Working Party trying to find the middle ground. The subject of their latest advice note is the contentious topic of profiling, which has been presented both as vital to the operation and development of Internet services and as an extreme violation of privacy.
12 March 2013 at 11:14am
The Information Commissioner has published helpful new guidance on how organisations can support the use of personally-owned devices for work, commonly known as Bring Your Own Device (BYOD). This appears to have been prompted by a survey suggesting that nearly half of employees use their own devices for work, but more than two thirds of them have no guidance from their employers.
15 February 2013 at 3:15pm
It’s interesting to read the Information Commissioner’s comments on the draft European Data Protection Regulation, which have just been published. A number of the comments address issues we’ve been struggling with in providing Internet services such as incident response and federated access management.
3 January 2013 at 11:39am
The International Chamber of Commerce has published a revised version of its Cookie Guide, reflecting the new information that has been produced by the Information Commissioner and Article 29 Working Party since
Subscribe to Privacy