Author: info@amberhawk.com

  Yesterday’s European Court of Justice (ECJ) Ruling which established that Google was a data controller because its search engines processed personal data has been widely reported as establishing an automatic “right to be forgotten”. This view is incorrect and in this blog, I explain why. Also overlooked in the furore is the simple matter of the right to object to marketing; this has the potential to be far more problematic for Google’s business model. The ECJ Judgment First I

Am I the only one that is increasingly worried about the uncontrolled use of DNA as a biometric identifier for security devices and log-on routines? These are being introduced as part of the next development in tablets and mobile phones like the iPhone. It all started five years ago in the USA when Yale, one of the world’s leading lock-makers, started experimenting with a kind of spittoon attached to a DNA analyser and one of its advanced electronic industrial locks.

  An analysis of Section 28 Certificates issued by the previous Labour Government shows that the exemptions for the national security function are excessive. The recent publication of a “memorandum of understanding” and analysis of the TfL Certificate (last week’s blog) shows that the current Government has continued this policy. It is my view, that if the national security agencies were required to apply the data protection principles, subject to appropriate exemptions and an effective system of regulation (not necessarily

Happy Data Protection Day. This is perhaps an appropriate day to read the National Security Certificate signed by Theresa May, Home Secretary, in 2011; it involves the capture of images from Transport for London’s (TfL’s) Congestion Charge CCTV/ANPR cameras and their onward disclosure, via the Metropolitan Police, to the national security agencies. In summary, the Certificate is broadly drafted and allows for disclosures for purposes that are not necessary for the functions of the national security agencies; the drafting could