anonymisation / big data / Data protection / General Data Protection Regulation / ICO / Personal data / Privacy / pseudonymisation / research / Risk-based approach / sensitive data

The First-Tier Tribunal and the anonymisation of clinical trial data: a reasoned expression of Englishness…. which would have to be abandoned with the GDPR?

The Queen Mary University of London v (1) The Information Commissioner and (2) Alem Matthees, EA/2015/0269 case decided by the First-Tier Tribunal (Information Rights) (FTT(IR)) on 12 August 2016 is a fascinating decision. [Could it be a stylish expression of Englishness…. or otherness?] The case-facts concern a freedom of information request for clinical trial patient data … Continue reading

anonymisation / big data / Data protection / data protection agencies / European Data Protection Supervisor / General Data Protection Regulation / ICO / Privacy / pseudonymisation / Risk-based approach

The GDPR and the biggest mess of all: why accurate legal definitions really matter….

Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading

Data protection / Geo-location data / Personal data

Latest Policy Guidance Published on Data Protection and Location Analytics Data

‘We Know Where You Are’ to ‘We Know Who You Are’ … How far are the risks involved with processing information collected from geo-location technologies alleviated by data protection rules? With the wide uptake of smart mobile devices and the rapid development of location-based apps and services, all kinds of geographic information about us are … Continue reading

Data protection / data protection agencies / safe harbour

EU Commission publishes Legal Texts of New ‘Privacy Shield’ Framework for Trans-Atlantic Data Transfers

…But, will the highly anticipated EU-US ‘Privacy Shield’ live up to its super-hero billing? Last month proved to be a particularly busy time for data protection news. First, the Council of the EU adopted a political agreement on the texts that will form part of the new Data Protection Reform Package. Also hitting headlines was … Continue reading

Access to data / Breach notification / Data protection / Data retention / General Data Protection Regulation / Law enforcement / Personal data / Privacy / Privacy impact assessment / Surveillance

Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?

Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU  the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading

Data protection / data protection agencies / Law enforcement

EU Justice Ministers agree ‘common position’ for new EU data protection rules in the field of law enforcement

Adoption of new Data Protection Directive for police and judicial cooperation is one step closer – however, arguments continue over the extent to which the processing of personal data for the purposes of law enforcement , as well as the “safeguarding against and the prevention of threats to public security”, should be subject to traditional … Continue reading

Data protection

EU Data Protection Party warns the trilogue negotiators not to relax limits on how data controllers can use personal data after it has been collected

When it comes to further processing of personal data, will the EU institutions be able to agree on how to deal with purpose incompatibility? The extent to which businesses can justify further processing of personal data for new purposes (that is, for reasons distinct from the original purpose for which the data was collected) can … Continue reading

Data protection / drones / Privacy / Privacy impact assessment

Opinion on drones released by EU Data Protection Working Party

“Technology is neither good nor bad; nor is it neutral” – How far might future usage of drone technology affect the very fabric of the societies in which we live? The Article 29 EU Working Party (WP) has issued an Opinion about the data protection and privacy implications of utilising unmanned aerial systems (“drones”). This … Continue reading

Data protection / Privacy / Surveillance

The new judgement of the UK Supreme Court on the scope of Article 8 ECHR or why Lord Kerr is right…

In its recent judgement of 1 July 2015 In the matter of an application by JR38 for Judicial Review (Norther Ireland) [2015] UKSC 42, the UK Supreme Court held that the publication of photographs of a minor (just about 14 years old at the time of publication) suspected of involvement in criminal activities did not … Continue reading