Category: Data Protection

I think 99.999% of people in the UK have never met, or heard of, Mr. Stephen McCartney. Those attending data protection conferences might recall him speaking about his policy role at Information Commissioner’s Office (ICO); indeed we have asked him to speak at our Update sessions because he is articulate and thought provoking. Yet Mr. McCartney has become a central figure in the national press and the blogosphere over a story about the ICO’s investigation into Google’s StreetView. Mr. McCartney

About three months ago, I blogged about the considerable Member State “disharmony” about the content of the Data Protection Regulation published in January. Well the disagreements have multiplied, and the Council has “released” a revised position on the first 10 Articles of the new Data Protection Regulation that will replace the 1995 Directive. The changes favour data controllers. The text contains details of 147 Member State reservations on Articles 1-10 and 80(a) and 83 (about one ninth of the 90

In one of my blogs on Google StreetView (see references), I said that the Information Commissioner (ICO) could not serve a Monetary Penalty Notice (MPN) on Google when its software captured some personal data from household Wifi systems. This assessment was based on the fact that Google published statements to the effect that only an insignificant cache of random personal data was captured and that any capture of personal data was wholly unintentional. I argued that the problem when serving

Should you be fined if you failed to register with the local police, the national security agencies, any Government Department or a Credit Reference Agency? Should the national security agencies, for instance, be entitled to create a population register, the core of which could be similar to that of associated with the ill-fated ID Card (much beloved by the previous Government)? Surprised by these questions? Both these outcomes are possible, courtesy of the Electoral Registration and Administration Bill just published

April is becoming a month of resurrections. The last blog referred to the Members of an Information Rights Tribunal resurrecting the corpse of Durant which then bit them; they were thus turned into zombies and issued a Decision that I will politely call “provocative and novel”. Last month Theresa May resurrected the data retention ambitions of GCHQ so that all contact details, dates and times of all electronic communications between all individuals in the UK are retained for a year or