Category: Other Information Law

Safe Harbor is now defunct because the European Court of Justice (ECJ) found the following: (a)    There is no general privacy law or other measures enacted in the USA that shows the USA offers "an adequate level of protection" for personal data relating to European data subjects; (b)    Public law enforcement authorities which obtain personal data from organisations in Safe Harbor are not obliged to follow the Safe Harbor rules after disclosure; (c)    Some USA law enforcement agencies can gain

The transfer of responsibility for data protection policy to the Department for Culture, Media and Sport (DCMS) from the Ministry of Justice (MoJ) is a really bad idea.  It fragments responsibility for data protection policy across three Departments of State and risks reducing the protection afforded to data subjects.  Important data protection recommendations from Leveson will be shelved.  This blog explains why. One reason for the shift of responsibility to the DCMS (unexplained at the moment) could be because it

This blog explains, in detail, how the Council of Minister’s text of the Regulation, in particular the exceptions specified in Article 21 (A.21) and the flexibility granted to Member States to enact variations to the obligations under the Regulation,  are very likely to result in a level of data protection below the standard established by Directive 95/46/EC. Given that the relevant parts of the Regulation (e.g. the exceptions in A.21) are being considered in current Trilog discussions, the blog provides a link

The Information Commissioner (ICO) has told the Association of British Insurers (ABI) that their members who ask data subjects to exercise their rights of access to health records in order to obtain insurance products are making several breaches of the Data Protection Act. Clearly, the ICO is expecting the ABI's variant of enforced subject access to cease; the only remaining question is whether the Insurance Industry disagrees and wants to “have its day in court”. In a letter to the ABI (see references),

Note added: 21/12/2015 after GDPR Trilog text published: Article 2b of the consolidated text states that the domestic purpose is processing “by a natural person in the course of a purely personal or household activity”; Recital 15 of that text allows for limited social media use. I therefore expect that Lindqvist and Ryneš rulings to remain relevant to the GDPR Original posting The Lindqvist decision of the European Court of Justice (ECJ) in 2003 has always caused problems.  In Data

Whilst awaiting the arrival of another enthralling, multi-megabyte, download about the General Data Protection Regulation, I started reading the judgement (Case Number IPT 14/85/CH), delivered by the Investigatory Powers Tribunal last February.  This is one of the cases between Privacy International and Government Communications Headquarters (GCHQ) which identified some unlawful processing of personal data by the latter (see references). Paragraph 109 of this Tribunal’s judgment refers to the National Security Certificates established by Section 28 of the DPA;  it states:

Now that last week’s General Election is done and dusted, what can we expect with respect to data protection from the new majority Conservative Government?  In summary, there is much in the first year program that could impact on privacy. In addition, given the SNP landslide in Scotland, there is the interesting question of whether or not Scotland will emerge with more privacy protection than the rest of the UK. The European “in-out” referendum After a negotiation, the Government intends

One of the papers published by the Intelligence and Security Committee (ISC) with its report into “Privacy and Security” contained a five-page memo from GCHQ’s legal advisers (see last week’s blog and references).  It suggests that the secret organisation is about to offer email services to the public in order to allay concerns about the mass retention of communications data. I have checked with a leading domain name registration company, and it appears that the first steps have already been

Suppose you are on a jury in a case about tax evasion.  What would you think of a defence on the lines: “the accused did not seek to circumvent the law”?  Would you accept this statement and return a not-guilty verdict? Well this, in summary, is what the Intelligence and Security Committee (ISC) has done.  In its press release associated with its report ‘Privacy and Security: A modern and transparent legal framework’, the ISC states: “The UK’s intelligence and security