Personal data breach reporting for service outages (such as when your CDN is down)

- Posted in data protection by
(CDN: content delivery network. Such as Akamai.) Even though it is not obviously within the scope of the definition of "personal data breach", guidance from both the UK's regulator and the European Read more

Online ID / age verification: the death of online search, and non-browser web access?

- Posted in hosting by
Neil note: I've published this with the hope that others familiar with what this could entail will give feedback. As such, what you read now might not be the final version. If I make material Read more

No, the European Commission is not compelling online service providers to monitor communications. Well, not yet.

- Posted in surveillance by
I've seen a few comments saying words to the effect of "an amendment to the European directive on ePrivacy will require online service providers to monitor their users' communications". This is Read more

"All reasonable endeavours" v "best endeavours": a 2021 case update

- Posted in business by
If you've worked with contracts for any length of time, you'll have had a discussion / argument with someone as to whether a party's obligation to do something should be: absolute limited to them Read more

Github Copilot: initial thoughts from an English law perspective

- Posted in software by
(I have more questions than answers, but I thought it was worth writing something, even if just as a straw man for others to rip apart.) Introducing Github Copilot Github has launched a beta tool, Read more

The UK is adequate (for data protection purposes)

- Posted in data protection by
The long-running saga as to whether the United Kingdom will be considered "adequate" from a data protection point of view has reached an important, and probably welcome to many, point: today, the Read more

The new standard contract clauses: what you need to know right now

- Posted in data protection by
The European Commission has published a new set of standard contract clauses. They're also in the Official Journal, as of 7 June 2021. If you are subject to the GDPR and you are involved — whether Read more

Must all UK Internet access providers keep records of which websites I visit?

- Posted in surveillance by
This blogpost addresses a common claim, that all UK Internet access providers are required to retain everything about their subscribers' or users' activities. Every packet they shift, every web page Read more

The EU's "terrorist content" regulation and what it means for UK hosting providers

- Posted in hosting by
The European Parliament has adopted (deemed approved) a regulation addressing the dissemination of terrorist content online. The stated aim of the Regulation is to "address the misuse of hosting Read more

Understanding the Data Protection Act's national security and defence exemption

- Posted in data protection by
1 This post covers the Data Protection Act 2018's national security and defence exemption. Most controllers will never need to rely on this but, if you do, it's a useful provision, and one which you Read more