Events, exclusion lists, and the UK GDPR

- Posted in data protection by
If you run an event, there is - sadly - a strong chance that you've had to deal with inappropriate behaviour. More and more events have adopted a code of conduct, to set out standards of acceptable Read more

The limits of Norwich Pharmacal orders: when a cellular operator is a witness, not a facilitator of wrongdoing

- Posted in connectivity by
The Court of Appeal has ruled on an interesting point of law, to do with a UK mobile operator and Norwich Pharmacal orders. What is a Norwich Pharmacal order A Norwich Pharmacal order is a court Read more

No, the European Commission is not compelling online service providers to monitor communications. Well, not yet.

- Posted in surveillance by
I've seen a few comments saying words to the effect of "an amendment to the European directive on ePrivacy will require online service providers to monitor their users' communications". This is Read more

Understanding the Data Protection Act's national security and defence exemption

- Posted in data protection by
1 This post covers the Data Protection Act 2018's national security and defence exemption. Most controllers will never need to rely on this but, if you do, it's a useful provision, and one which you Read more

Five things to take from the European Parliament's response to the Commission on the GDPR

- Posted in privacy by
The European Parliament has published its report on the European Commission's report on the implementation of the GDPR, which the Commission published two years after its application. Yes, it's a Read more

Combatting child sexual abuse imagery: a proposed exemption to the EU's ePrivacy rules

- Posted in connectivity by
1 The European Commission has published a proposal for a regulation which, if passed, would provide a time-limited and very constrained exemption to the rules set out in the ePrivacy framework, which Read more

What is a data protection impact assessment, and when might I need to do one?

- Posted in data protection by
1 You may have spotted in the news that the government has said that it has not done a data protection impact assessment — a DPIA — for part of it coronavirus contact tracing system, even though Read more