A presentation was made about the to-be-established Data Protection Officer, claiming to be informed by the EU’s advice on what the law means. We looked at whether a DPO is needed, the expertise and skills required, and the requirement for independence.
At the BCS legal day, a presentation entitled “Key Issues” was made, which started with a quote from Jan Albrecht MEP (the Rapporteur):
“[The] result is something that makes (as we intended from the beginning) everybody equally unhappy, but at the same time is a huge step forward for all sides involved.
Jan Albrecht MEP”
It is hoped that business opportunity will be created by a harmonisation of regulation across Europe with a goal of improved privacy for its citizens. The harmonisation is constrained by the Restrictions Article, which excludes areas of law from the Regulation and creates nationally authored variances.
I attended the BCS ISSG Legal day where the priority was the coming General Data Protection Regulation. I believe that the day was held under Chatham House rules, which means that comments cannot be attributed. I prefer to work on more open terms; it allows me to attribute credit to those who have informed me or changed my mind but the notes have been anonymised. The running order has been changed to make the story better and to conform to my preferred priority order, of principles, rights, obligations and enforcement. The day consisted of two presentations, entitled “Key Issues” and “the Data Protection Officer”, and one on trends in enforcement. I have written these notes over the last week, and backdated them to the day of occurrence. These are a bit less polemical than my recent articles here, but for various reasons I have been reminded that that’s how they once were; I hope these articles are useful to my more technical readers. Some of the discussions and issues may interest those that follow me for politics.
The Digital Economy Act 2010 showed the long-term goal of the entertainment industry: they want to criminalise file sharing. At the time, individual acts of copyright infringement were civil acts and the copyright owners had to pursue them through the courts, one at a time. This is expensive, slow, uncertain and most importantly expensive, compared with the cover price of a CD or DVD. The DE Act did that; it also sought to automate the justice system and in order to do that it weakened innocent until proven guilty, by prescribing defences, and also placed a charge on going to court to argue not guilty. It really was a shit piece of legislation. However, the Law stated that the costs of surveillance and discovery had to be shared by the copyright owners and the internet service providers. The Courts struck down this part of the Law (see here … for more).
In a blog at my employer’s site I looked at how to become compliant with the EU’s General Data Protection Regulation. Regulations are the Law in all the member states, and members of the European Economic Area. The article looks at the issues of consent, the new data subject rights, privacy by design, the meaning of adequate protection and new public accountability via the duty to report breaches and to appoint a professional data protection officer.
25% of the UK population don’t have broadband; this is higher amongst the poor and the old, and it generally costs more than the BBC Licence. Also not all internet users are Facebook users. Facebook (& other social media providers) cannot act as a guarantor of identity in government and political business, partly because they’re proprietary, closed source systems and thus users, citizens and judges do not know what the code does. Digital inclusion is still one of the key political issues to be addressed in the internet age; governments and political parties need to step very carefully when they use social media platforms as a means of understanding people’s views. This is before we consider the anti-democratic nature of surveys and referenda: you can only answer the questions asked, usually in a binary or scalar fashion. It’s not good enough …..oh yeah & open source.
The many implications of the vote to leave the EU have been exercising my mind. I have finally got my notes & thoughts to publish my initial views on the politics of the aftermath; this article attempts to limit itself to the events and thoughts of the first week after the referendum. I have published them as at the date I started my storify where I collected the sources I wanted to quote. This is because it is one of a planned series; I plan to follow up with a piece on immigration, one on Labour Party and Left unity and one on the mutation of capitalism and politics.
One of the reasons for my delay was that I was asked for a number of quotes in the IT trade press which took some writing time. I have posted the complete quotes as three articles in LinkedIn Pulse, on Cybersecurity, Privacy & Trade and the single market, covering innovation, TTIP & Privacy and net neutrality.
The highest levels of international judiciary have been busy over the last week. I report and comment on the Microsoft vs. FBI case on LinkedIn Pulse, in an article called “Citizens Win”. It was quite simple in the end: the law under which the FBI was seeking search warrant powers was not one of the post-9/11 laws, but an earlier one, and the US District Court says that the law grants no power of inspection abroad. The spooks are going to have to apply for an Irish warrant. In Europe, however, Tom Watson’s & David Davis’s judicial review on DRIPA has reached the Advocate General. This is reported by Tom Watson here, and by Glyn Moody here. Watson writes about the need for strong judicial review of the search warrants, and Moody brings up that mass surveillance can only be used in the fight against serious crime.
At the Real World Economics blog, Dean Baker argues that those proposing the Reign of the Robots have some evidence to find, and that (US) economic policy makers are pursuing policies in direct contradiction to the implications of such an event.
Last month the Court of Justice of the European Union ruled the US Safe Harbour treaty to be insufficient for European data protection law purposes. How important this is, is subject to debate. One of the principles of European Data Protection law is that personal and confidential data must be “adequately protected”. The CJEU has stated that the US Safe Harbour agreement offers insufficient and uncertain protection to European personal data.
I had reason to read the Register’s front page this morning and came across these three IT Security and e-voting gems. Firstly, the New Zealand Government uses NSA surveillance tools to spy on a number of APAC governments to help in their campaign to win one of the World Trade Organisation’s elected positions. Secondly, the Australian ivote’s practice system has been compromised in such a way that cast votes can be infected. This project was led by Vanessa Teague and Alex Halderman; Teague has previously spoken of the inherent weakness of [ei]-voting, not a fan it would seem. And thirdly, CISCO’s CTO gives up on security, or at least that’s what the Register reports as a headline; the comments by Hartman, CISCO’s CTO, are more nuanced but he definitely proposes that devices cannot be secure, and need to be monitored against change and current and future threats, and how do you do that in the home?