Data protection / General Data Protection Regulation / ICO / misuse of private information

The GDPR, the parallel regime and the ICO

The General Data Protection Regulation (GDPR) will be applicable in less than a year, and experts are still discussing the extent to which the new regulation will have a significant impact upon the ‘legal basis’ requirement. However, as Bob Miller suggests in this guest blog post, it might not be enough to read and re-read … Continue reading

General Data Protection Regulation / illegal content / Internet intermediaries / Legitimate interest / Personal data

The CJEU and the concept of ‘legitimate interest’: The case of Rīgas satiksme

The Court of Justice of the European Union (CJEU) delivered its awaited judgment on 4 May in the case Valsts policijas Rīgas reģiona pārvaldes Kārtības policijas pārvalde v Rīgas pašvaldības SIA ‘Rīgas satiksme’, answering two related questions: ‘(1)      Must the phrase ‘is necessary for the purposes of the legitimate interests pursued by the … third party … Continue reading

big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading

Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data

ICO Requests Feedback on New Data Protection Profiling Provisions

If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading

content regulation / Copyright / Data protection / General Data Protection Regulation / immunities / Internet intermediaries / ISPs / Right to be forgotten

The GDPR, the proposed Copyright Directive and intermediary liability: one more time!

A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading

Access to data / Data protection / General Data Protection Regulation / Law enforcement / Legitimate interest / Personal data / sensitive data

CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

But how exactly does EU law achieve the weighing of competing legitimate interests and rights in a data protection law context? I’ve previously written (here) about the concept of legitimate interest under data protection law and how it has captured the attention of data protection agencies, as well as the EU institutions in informing the … Continue reading

Access to data / anonymisation / Data protection / Data transfer / de-identification / General Data Protection Regulation / pseudonymisation / Risk-based approach

A call for a common techno-legal language to speak about anonymisation, pseudonymisation, de-identification… Could this be one of the biggest challenges brought about by the GDPR?

  The General Data Protection Regulation (GDPR) will be applicable in less than two years and lawyers as well as others are trying to grapple with definitional issues. The graduated approach that would have meant alleviating the regime of certain categories of data such as pseudonymised data (e.g. by eliminating the need to comply with … Continue reading