Author: info@amberhawk.com

I have just attended an interesting (and partly depressing) data protection event which considered the implementation of the Data Protection Regulation. The European Commission’s spokesperson (Paul Nemitz) signalled an inflexible approach towards the implementation of the Data Protection Regulation; he stated that he would consider amendments that make the Regulation work better but not those amendments that were based on alternative (and better) ideas. At the meeting Mr Nemitz pointedly said that in Germany there is a high level of

The Huffington Post has recently published a story that begins thus:  “When Justin Bassett interviewed for a new job, he expected the usual questions about experience and references. So he was astonished when the interviewer asked for something else: his Facebook username and password”. So what would you do in such circumstances? And what would the data protection implications be if this happened in the UK?  The conclusions I have reached is that the UK Data Protection Act would apply

Next week, the ICO is holding a meeting to discuss, in detail, the Regulation as published by the European Commission. So, I have decided to publish our comments on the Regulation (see references) and use this blog to provide a summary of the key points. The comments I make focus on how the Regulation can be improved from the data subject perspective. This is because the initial “Call for Evidence” by the MoJ was more like a “Call for Ammunition”, where the

 DAPIX is the Working Party on Information Exchange and Data Protection where delegations of civil servants from Member States discuss the European Commission’s Data Protection Regulation. The minutes of the meeting held on 23-24 February shows that there are deep divisions as to the content of the Regulation; in fact, the minutes record that only “a few delegations supported the Commission in its choice of a Regulation”. I can also reveal the Commission’s “hoped-for” timescale for the discussions about

Quick blog as I am teaching most of the week; but the headline says it all. A colleague of mine went to a lecture on the proposed Data Protection Regulation two days ago (organised by Field Fisher Waterhouse -  the city law firm that employs data protection stalwart Stewart Room and which hosts meetings of the National Association of Data Protection Officers – a information law grouping which has expanded its interest to cover FOI and RIPA issues as well).

You have probably skimmed section 32 of the Data Protection Act, and seen that the exemption negates the application of all the Principles (except the 7th) and most of the data subject rights, if personal data are processed for a journalism purpose and if the processing is necessary with a “view to publication” of the personal data. You also probably have drawn the conclusion that there was not much data protection to be had, given the scope of this exemption