Author: info@amberhawk.com

This blog explains, in detail, how the Council of Minister’s text of the Regulation, in particular the exceptions specified in Article 21 (A.21) and the flexibility granted to Member States to enact variations to the obligations under the Regulation,  are very likely to result in a level of data protection below the standard established by Directive 95/46/EC. Given that the relevant parts of the Regulation (e.g. the exceptions in A.21) are being considered in current Trilog discussions, the blog provides a link

The Information Commissioner (ICO) has told the Association of British Insurers (ABI) that their members who ask data subjects to exercise their rights of access to health records in order to obtain insurance products are making several breaches of the Data Protection Act. Clearly, the ICO is expecting the ABI's variant of enforced subject access to cease; the only remaining question is whether the Insurance Industry disagrees and wants to “have its day in court”. In a letter to the ABI (see references),

Note added: 21/12/2015 after GDPR Trilog text published: Article 2b of the consolidated text states that the domestic purpose is processing “by a natural person in the course of a purely personal or household activity”; Recital 15 of that text allows for limited social media use. I therefore expect that Lindqvist and Ryneš rulings to remain relevant to the GDPR Original posting The Lindqvist decision of the European Court of Justice (ECJ) in 2003 has always caused problems.  In Data

Whilst awaiting the arrival of another enthralling, multi-megabyte, download about the General Data Protection Regulation, I started reading the judgement (Case Number IPT 14/85/CH), delivered by the Investigatory Powers Tribunal last February.  This is one of the cases between Privacy International and Government Communications Headquarters (GCHQ) which identified some unlawful processing of personal data by the latter (see references). Paragraph 109 of this Tribunal’s judgment refers to the National Security Certificates established by Section 28 of the DPA;  it states:

Now that last week’s General Election is done and dusted, what can we expect with respect to data protection from the new majority Conservative Government?  In summary, there is much in the first year program that could impact on privacy. In addition, given the SNP landslide in Scotland, there is the interesting question of whether or not Scotland will emerge with more privacy protection than the rest of the UK. The European “in-out” referendum After a negotiation, the Government intends