How to handle data subject access requests under the UK GDPR

- Posted in data protection by
This blog post is a short(ish) guide to the core issues in handling subject access requests under the UK GDPR. If you have received a request and you are not sure where to start, this will help you Read more

Dealing with demands for communications data under the Investigatory Powers Act 2016

- Posted in telecoms by
This blog post looks at the obligations imposed on telecommunications operators under the Investigatory Powers Act 2016, to provide communications data in response to a notice from UK public Read more

How the draft Online Safety Bill would affect the development of Free / open source software

- Posted in hosting by
As readers of my personal blog, or people who know me, will probably be aware, I'm a proponent, and user, of Free and open source software. And this got me thinking: how would the draft Online Safety Read more

Personal data breach reporting for service outages (such as when your CDN is down)

- Posted in data protection by
(CDN: content delivery network. Such as Akamai.) Even though it is not obviously within the scope of the definition of "personal data breach", guidance from both the UK's regulator and the European Read more

Online ID / age verification: the death of online search, and non-browser web access?

- Posted in hosting by
Neil note: I've published this with the hope that others familiar with what this could entail will give feedback. As such, what you read now might not be the final version. If I make material Read more

No, the European Commission is not compelling online service providers to monitor communications. Well, not yet.

- Posted in surveillance by
I've seen a few comments saying words to the effect of "an amendment to the European directive on ePrivacy will require online service providers to monitor their users' communications". This is Read more

"All reasonable endeavours" v "best endeavours": a 2021 case update

- Posted in business by
If you've worked with contracts for any length of time, you'll have had a discussion / argument with someone as to whether a party's obligation to do something should be: absolute limited to them Read more

Github Copilot: initial thoughts from an English law perspective

- Posted in software by
(I have more questions than answers, but I thought it was worth writing something, even if just as a straw man for others to rip apart.) Introducing Github Copilot Github has launched a beta tool, Read more

The UK is adequate (for data protection purposes)

- Posted in data protection by
The long-running saga as to whether the United Kingdom will be considered "adequate" from a data protection point of view has reached an important, and probably welcome to many, point: today, the Read more

The new standard contract clauses: what you need to know right now

- Posted in data protection by
The European Commission has published a new set of standard contract clauses. They're also in the Official Journal, as of 7 June 2021. If you are subject to the GDPR and you are involved — whether Read more