Category: Other Information Law

Put October 8th in the diary; it might be an interesting Parliamentary day for data protection aficionados. It is the day when Operation Millipede might begin to realise its potential to out-perform Leveson for headlines concerning “shock-horror”, “privacy busting” exploits. On the other hand, Government indifference could make it a damp-squib. Operation Millipede is the name coined by the Serious Organised Crime Agency (SOCA) for one of its investigations; it involved blagging by private investigators where, worryingly, some of the

Let us suppose you are a hugely wealthy celebrity trying to secure your mansion: electronic locks, CCTV on the gates, unbreakable doors and windows, secure panic room, electronic movement alarms covering the acres of garden and all the other high-tech security paraphernalia. Who would you go to for advice? Well I just have had a brilliant idea. Why not go to the police and ask them “I need secure my home; who is the best house burglar on your books so

As you are probably aware, Mr. Miranda is the partner of the Guardian journalist who has been using the documentation provided by whistleblower Mr Snowdon to publicise mass surveillance by the NSA and GCHQ.  Last Sunday, under the Terrorism Act 2000, he was detained at Heathrow for nine hours whilst in transit from Germany to Brazil; his equipment was also seized (laptop, phone etc). I thought I would do a detailed blog on the interplay between data protection and terrorism law as it

I have just realised the Irish revisions to the text of the European Commission’s Data Protection Regulation anticipates Member States enacting legislation that requires data processors to disclose personal data, possibly for any exemption specified in the Regulation, without the knowledge or consent of the data controller and, if needed, contrary to any instructions given by the data controller. The possibility of such disclosures extends well beyond the “NSA and PRISM” circumstances exposed by whistle-blower, Mr. Snowden. Indeed, I would argue that

Yesterday (Friday; 26th July), Reuters reported that the Irish Office of the Data Protection Commissioner (ODPC) had refused to look at the transfers of personal data undertaken by Apple and Facebook to the USA. An Austrian student activist group had asked the ODPC to investigate allegations that the U.S. National Security Agency (NSA) harvested emails and other private data via PRISM. This blog explains why I think the ODPC analysis is wrong. PRISM is the controversial programme that allegedly gives

Suppose you see a mouse in your house; is this the only mouse in your house? The relevance of the question will come apparent when we dig deeper into those infamous “black boxes” allegedly used by the USA’s National Security Agency, the latest GCHQ mass interception fandango, and the responsibilities of the Information Commissioner. With respect to the “black boxes”, I am surprised that no-one has linked the latest machinations with the SWIFT (Society for Worldwide Interbank Financial Telecommunication) debacle

This blog reports the latest leak from "the DAPIX sieve" in the areas of transfers of personal data outside the EEA and fines from Data Protection Authorities (references below has the link to the leaked document). As is well known the Irish have published the first 40 Articles of the Commission’s Regulation (see previous blogs); this leak (at the end of the Irish Presidency) gives a good idea of the direction of travel in relation to the remaining 50 Articles.

No doubt you have seen this weekend’s brouhaha about GCHQ and the Guardian’s allegation that it has intercepted communications on a gargantuan scale. Well I think Mr Hague can clear everything up with a public statement as to why he thinks such interception is proportionate without any nonsense such as: "I can't say anything because that could jeopardise national security”. Why? Because it is very likely that he has signed (or authorised) a warrant phrased in very general terms that

Today’s blog deals with the UK position on the Irish text of the Regulation and is based on the statements of Chris Grayling MP, the Cabinet Minister responsible for data protection at a June’s Council of Ministers meeting (see references). Following these statements I have concluded that the current UK Government policy on data protection supports a level of protection below that established by Directive 95/46/EC. This arises because the Government want many more data protection obligations in the replacement