Author: info@amberhawk.com

I thought I would devote a blog to answer the following question: “What would I say, if a manager asked me what were the key changes to the data protection regime as a result of the Regulation?”. So please use/amend the text for this purpose if need be. Note the blog is only about the Regulation:– not the law enforcement elements where there is a separate Directive also published today. The first point to make is that a Regulation has

The Article 29 Data Protection Working Party (WP) has just published its comments on the EU-USA Passenger Name Record (PNR) Agreement; a deal that I analysed just before Xmas as having the following characteristics: “data protection is weak, proportionality not guaranteed, and obvious safeguards absent” (see references). This view is substantiated by the WP’s comments. As a general assessment, the WP notes that there have been “modest” improvements from earlier drafts “but does not see its serious concerns removed”.  Primarily

A brief note: between January 25th (most likely) and January 28th the official draft of a Regulation is expected to be published; it eventually result in changes to the UK's Data Protection Act. I will do an analysis of it for the blog in the following weeks. Also, our UPDATE session on March 26th in London will be revised in order to have at least a half day devoted to the Regulation and what it means for data controllers. Our guest

Last week I wrote about the leaked draft of the Regulation that is to replace Directive 95/46/EC. This week’s leak is the Directive that extends data protection to Europe's law enforcement agencies. ("Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of crime”). This Directive has one main objective: data sharing between Europe's law enforcement

The first impression of this leaked text is that this version of the Regulation is more prescriptive than Directive 95/46/EC and will get up most data controllers and Governmental noses. I think the text makes far too many fundamental changes than can be reasonably done via a Regulation (which has three times as many Articles as the Directive it replaces). And this conclusion is from someone who thinks changes to the UK data protection regime are badly needed (see references). I think this

It's very rare that I post another blog, but this is a rare event indeed: a data subject has taken successful action for compensation under section 13 of the Data Protection Act. Normally what happens if a data controller has caused damage, there is an out-of-court settlement with a gagging (sorry “confidentiality”) clause so no-one is the wiser. The claimant brought an action following an unauthorised disclosure of his personal medical data, in or about December 2007. The partner of