Category: News

Data Protection Regulation Update: precise implementation depends on exceptions and Recitals

This blog is a report of yesterday’s meeting in the House of Lords with the Minister (Baroness Neville-Rolfe), three ICO officials, four DCMS civil servants and thirty other stakeholders representing primarily the interests of data controllers. It concerned the Government’s implementation of the General Data Protection Regulation (GDPR). First of all, it appears that the negotiated GDPR text has been accepted by the UK Government; the Minister referred to the remaining EU processes as being “formalities”. She said that there

Read article

Draft Investigatory Powers Bill ignores data protection when collecting bulk personal datasets

Tomorrow the Information Commissioner will give his views on the draft Investigatory Powers Bill (“the Bill”) to a cross party Parliamentary Committee examining the Bill. The Bill proposes a power for the national security agencies to collect Bulk Personal Datasets (BPD) by a warrant signed by the Secretary of State which is subject to review by a Judicial Commissioner (the “double lock”). A Bulk Personal Dataset is any collection of personal data, where the “majority of the individuals are not,

Read article

National Insurance Number & consent: DWP say wider NINO use is no longer a NONO

Government policy towards the wider use of the National Insurance Number (NINo) as a general identifier appears to have changed again. This ever-shifting policy now illustrates that well-known saying “What goes around comes around”. As is well known, the “general identifier” powers in the Data Protection Act (Schedule 1, paragraph 1(4)) have never been activated with respect to the NINo. This is because Government well knows that there are lots of data controllers using the NINo for all sorts of

Read article

Unfettered bulk data collection powers presage mass surveillance and a debate about haystacks

Note added 5th Jan 2016: my blog of this date augments the text below.

Many commentators have said that identifying a likely bomber/terrorist is like looking for a needle in a haystack. So what do you do? The choices are: (a) build the largest haystack about all the population because you know that the needle has to be in there “somewhere”; or (b) have the powers to look at all the relevant smaller haystacks that are around when you have

Read article

Section 94 of the Telecommunications Act 1984: a warning from history

This blog explains the extent to which the national security agencies have been collecting bulk Communications Data using powers which are being exercised in a way that were never subject to Parliamentary scrutiny.  Such data collection is neither subject to the relevant Code of Practice covering communications data nor to scrutiny from the Regulator who was specifically tasked by Parliament to supervise the use of communications data. The blog comprises yet another lesson in the dangers of leaving wide ranging

Read article

Confusion over Google’s Enforcement Notice in the UK

Note added 11 December: Google have appealed the Enforcement Notice so let legal battle commence.

In the last blog, I reported that Google had been ordered to remove nine search results and that the case was important as it related to Google’s practice of notifying websites that certain personal data have been delisted when searching by name. I wrote the blog after I was told by the Information Commissioner’s (ICO’s) press office that Google had not appealed the ICO’s Enforcement

Read article

Google fails to defend its policy of informing websites that personal data have been delisted by it.

Please see the blog of 25/10/2015 which updates this blog.

Google was given 35 days (which elapsed around October 1st) to respond to the Commissioner's Enforcement Notice; I have found out from a very reliable source that Google has not appealed (i.e. passed over the opportunity to defend the policy at the Tribunal). As Google risks criminal prosecution if they have not complied with the ICO’s demand, I am assuming Google has complied. The nine search results related to a

Read article

Understanding Safe Harbor, Schrems v Facebook in less than 300 words

Safe Harbor is now defunct because the European Court of Justice (ECJ) found the following: (a) There is no general privacy law or other measures enacted in the USA that show the USA offers "an adequate level of protection" for personal data relating to European data subjects; (b) Public law enforcement authorities which obtain personal data from organisations in Safe Harbor are not obliged to follow the Safe Harbor rules after disclosure; (c) Some USA law enforcement agencies can gain

Read article

ECJ bombshell! No fair processing notice? No processing.

I think the European Court of Justice (ECJ) has just issued a judgement which has the potential to be more important than Max Schrems v Facebook (due on October 6 next week). The ECJ has just concluded that Articles 10, 11 (the fair processing requirements of Directive 95/45/EC) and Article 13 (includes the exemptions from the need to provide a fair processing notice) must be interpreted as precluding national measures which allow a public administrative body in a Member State to disclose

Read article

Government fragments data protection policy & leaves Leveson’s data protection recommendations to rot

The transfer of responsibility for data protection policy to the Department for Culture, Media and Sport (DCMS) from the Ministry of Justice (MoJ) is a really bad idea.  It fragments responsibility for data protection policy across three Departments of State and risks reducing the protection afforded to data subjects.  Important data protection recommendations from Leveson will be shelved.  This blog explains why. One reason for the shift of responsibility to the DCMS (unexplained at the moment) could be because it

Read article