The UK's International Data Transfer Agreement: what it is and what it means for you

- Posted in data protection by
On 21 March 2022, the UK's International Data Transfer Agreement came into force, along with an Addendum. I've written about the International Data Transfer Agreement before and, bluntly, I wasn't Read more

Third party requests to exercise data subject rights: quick notes for controllers

- Posted in data protection by
An increasing number of third parties are offering services - typically, by way of a web site or an app - to facilitate data subjects in exercising their rights under the GDPR. Controllers on the Read more

The UK's International Data Transfer Agreement: is this the ICO's worst document yet?

- Posted in data protection by
If you've been involved in transfers of personal data to third countries under the GDPR, you'll probably be familiar with the long-standing standard contract clauses. And you may be familiar with the Read more

Events, exclusion lists, and the UK GDPR

- Posted in data protection by
If you run an event, there is - sadly - a strong chance that you've had to deal with inappropriate behaviour. More and more events have adopted a code of conduct, to set out standards of acceptable Read more

Google Fonts, an IP address, and the GDPR: must I now self-host all my web page resources?

- Posted in data protection by
The Register, and probably other places, are reporting about a Munich court's decision that the use of Google Fonts, hosted on a server operated by Google, led to an infringement of German data Read more

Five points to note in the EDPB's draft guidelines on the right of access under the GDPR

- Posted in data protection by
The European Data Protection Board has published draft guidelines on the right of access, for consultation. These are draft guidelines, and so they may change before they are made official. To save Read more

Internet, telecoms, and tech law predictions for 2022

- Posted in telecoms by
Things I predict will happen in 2022: Telecoms companies, Internet service providers, and device manufacturers will start to get to grips with new government security requirements, in some cases Read more

decoded.legal and the seven OSI layers for Internet, telecoms, and tech legal advice

- Posted in Uncategorized by
Blake E Reid, an excellent US tech/telecoms law professor, tweeted: This is a good argument for Internet law folks to take telecom law, where the environmental impacts of Internet infrastructure Read more

How to handle data subject access requests under the UK GDPR

- Posted in data protection by
This blog post is a short(ish) guide to the core issues in handling subject access requests under the UK GDPR. If you have received a request and you are not sure where to start, this will help you Read more

Personal data breach reporting for service outages (such as when your CDN is down)

- Posted in data protection by
(CDN: content delivery network. Such as Akamai.) Even though it is not obviously within the scope of the definition of "personal data breach", guidance from both the UK's regulator and the European Read more