big data / consent / data controller / GDPR / General Data Protection Regulation / Personal data

Data Protection and data analytics: what is Art. 29 WP really saying to businesses wanting to innovate with data?

    In three-month time, the General Data Protection Regulation (GDPR), will become applicable to many, if not all, data processing activities to which living individuals can be associated. Businesses operating in Europe have had about two years to prepare for this change. As readers know, even if the GDPR is a lengthy piece of … Continue reading

Data protection / General Data Protection Regulation / ICO / misuse of private information

The GDPR, the parallel regime and the ICO

The General Data Protection Regulation (GDPR) will be applicable in less than a year, and experts are still discussing the extent to which the new regulation will have a significant impact upon the ‘legal basis’ requirement. However, as Bob Miller suggests in this guest blog post, it might not be enough to read and re-read … Continue reading

consent / Data protection / General Data Protection Regulation / Geo-location data / Personal data

Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance

Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading

anonymisation / big data / Data protection / General Data Protection Regulation / Personal data / pseudonymisation / research / sensitive data

What does the agreed version of the GDPR say about processing personal data for research purposes? Is the GDPR better than the Directive?

What does the agreed version of the GDPR say about processing personal data for research purposes? Is the GDPD better than the Directive? So here we are. It’s almost Christmas and after three years of intense debate the Council of the European Union and the European Parliament have announced that they have informally agreed on … Continue reading

Data protection / data protection agencies / ICO

A UK view of the Council’s common position on the proposed General Data Protection Regulation – Over to you, ICO…

ICO has EU reform negotiations firmly in sight as it reiterates its views on the benefits and dangers involved with a risk-based and flexible approach to data protection enforcement Further to Sophie’s post on the German viewpoint, the ICO – the UK’s data protection agency – has also added its voice to the public debate … Continue reading

Data protection / pseudonymisation / Risk-based approach

Council reaches general agreement on proposed Data Protection Regulation, but disagreements remain in view

‘A single road ahead or cross-roads reached?’ – Is the aim of EU harmonisation of data protection rules disappearing out of sight? On 15 June, the Council of the EU announced that it had agreed a general approach to the draft Regulation on the protection of individuals with regard to the processing of personal data … Continue reading

big data / Data protection

Businesses engaged in ‘big data’ personal data processing should consider carefully whether they have ‘legitimate interests’ grounds to justify their activities, says ICO

How exactly should data controllers carry out a ‘balance of interests’ test between their interests and the interests of data subjects? The application of data protection rules to big data technologies raises a number of legal and compliance issues, some of which I highlighted in my recent post about the latest comments from the Information … Continue reading

Data protection / facebook / Privacy / Privacy policies

Facebook needs to re-revise its privacy policy says recent Belgian report.

On January 30th 2015, Facebook revised its Data Use Policy (DUP) and Terms of Services. At the request of the Belgian Privacy Commission, ICRI/CIR (KU Leuven) and iMinds-SMIT (Vrije Universiteit Brussel) have conducted an extensive analysis of the revisions. So what does the current version of their report (dated 23rd February 2015) find? Emma Cradock, … Continue reading

big data / consent / Data protection / health data / Privacy / sensitive data

Article 29 Working Party on the concept of health data: could it mean that we need to adapt the definition of health data as well as that of personal data?

On 5 February 2015, the Article 29 EU Data Protection Working Party (WP) issued a letter addressed to Paul Timmers – the Director of Sustainable and Secure Society at the European Commission. Within the Annex of this letter, the WP identifies relevant criteria to determine when data processed by lifestyle and wellbeing apps and devices … Continue reading