Showing posts with label legislation. Show all posts
Showing posts with label legislation. Show all posts

Monday, 9 March 2015

Part 2: Centre for Law & Information Policy #CLIP Launch!

These notes conclude the second half of the IALS Centre for Law & Information Policy launch on Tuesday 24th February. The theme was ‘Information flows and dams’. The first part is here. I didn't catch verbatim the last two presentations, and happily the keynote speech 'Does Privacy Matter?' is available online - I had another engagement!

EU Data Protection

David Erdos took the enormous confusion that is European data protection and asked ‘Is a reconceptualization possible?’. He made the case for the new regulation being bureaucratic, burdensome and illogical. Starting out with the relatively simple definitions of key terms, he said that personal data is any information relating to a person, even their job titles. Sensitive personal data includes racial profile, sexual identity, political affiliation etc. Given the general ban on processing sensitive data, taken to extremes, just by stating ‘David Cameron, Prime Minister and Conservative MP is a questionable breach of data protection.

Because of these broad definitions, effective protection is limited due to widespread non-compliance.' He quoted Bert-Jaap Koops (2014) and I’ve found this to clarify, ‘unless data protection reform starts looking in other directions — going back to basics, playing other regulatory tunes on different instruments in other legal areas, and revitalising the spirit of data protection by stimulating best practices — data protection will remain dead. Or, worse perhaps, a zombie’. He suggested some solutions:

1. There should be better definitions of the mischiefs that data protection counters.
2. There should be narrower scope and it shouldn't try to regulate everything.
3. It should acknowledge rights conflicts. Innovation shouldn’t be stifled
4. It should delineate peremptory rules
5. And it should be effectively enforced. 

He outlined some historic support of narrowing the regulation’s scope. First was the Durant case at 28 ‘.It follows from what I have said that not all information retrieved from a computer search against an individual's name or unique identifier is personal data within the Act.’ And the second was the OECD framework guidelines 1980, which were very clear on definitions and scope. However given that the regulation is the most amended piece of legislation ever, he is pessimistic about any back tracking and/or tightening of definitions. 

Cloud Computing

The second speaker from this panel – and actually the last in my notes – was Asma Vranaki on ‘the rise of cloud investigations by European data protection authorities’. I have made liberal use of her blog post on the same matter because this was an exceptionally technical presentation. We did have a twitter exchange on the complexity of the matter so please excuse any errors; they are mine alone.

Cloud computing is the use of the internet to run applications or store data. Until recently, we kept everything locally on our computers or on a server in our office basement. Cloud computing revolutionises this because programs and data suddenly become accessible from any device and any location. The information is accessed remotely and not stored locally. If you have ever accessed web-based email, this is cloud computing. If you’ve streamed music or videos, this is cloud computing. Apps like Dropbx, MiCoach or Evernote both rely on cloud computing. Facebook? Cloud computing. And these innovative applications and technologies are proliferating and are clearly here to stay.

Cloud computing relies on large quantities of personal data, and scholars, regulators, and lawyers are becoming increasingly concerned about data protection issues. Who owns the data and how secure is it? It is these issues that the new European data protection laws are looking to address. Many global in-house lawyers are struggling with the complex and intricate data protection issues raised by cloud computing. Many organisations, including law firms, are adopting cloud computing technologies and services because it is an efficient, flexible, and cost efficient way to work. So what are the implications and how can we find out what is happening?

Asma’s work involves looking at various data sources:

1. Audits and/or investigations of cloud providers conducted by national data protection authorities;
2. Relevant press releases and opinions;
3. Current and proposed data protection laws, and; 
4. Relevant lawsuits filed against cloud providers on the grounds of breaches of data protection laws.

With this information she can assess the compliance of cloud providers with relevant data protection laws and determine whether cloud providers have breached relevant data protection laws. Her findings suggest that there have been a growing number of data audits and/or investigations of cloud providers, such as Facebook twice, Google and Whatsapp by national data protection authorities. At the same time, there is less litigation being filed against such cloud providers.

This trend in my view isn’t surprising. Firstly, it is inevitable that there would be an increase in audits because there are more cloud computing providers. What is more interesting is that there have been so few reported breaches. Perhaps the complexity and the international nature of the companies providing server space is one reason for the lack of investigations –and limited litigation. So many jurisdictions can be involved, and if there is more than one service provider, who is the data controller, which jurisdictional laws apply?

She warns in-house lawyers about these audits and says that this shift indicates a significant change in the methods and processes and people involved in assessing compliance. Additionally, further research needs to be conducted into the reasons behind the so-called rise of the ‘Audit Age’.


The event raised many interesting questions around subjects which have been in the news over the last week! There was a recent parliamentary report on drones; security around apps; the cloud, bio tech data...

Thursday, 26 February 2015

Centre for Law & Information Policy #CLIP Launch!

These notes make up the first part of the IALS Centre for Law & Information Policy on Tuesday 24th February. The theme was ‘Information flows and dams’. The Centre itself is looking to advance research across the area of data access and ownership rights, data privacy and confidentiality, freedom of information, legal publishing (both free-to-internet and commercial), preservation and management of legal information, internet and social media regulation (in terms of content, access, and ownership) and the malicious use and misuse of data. It aims to build networks and encourage collaboration. 

Thursday, 22 January 2015

Dresden Conference: Wildgoose Memorial Library

From theoretical surrealist curiosity to artistic rational enquiry, Jane Wildgoose's presentation on the work which has arisen from her 'Memorial Library' was rather interesting. I must confess to being rather sceptical at first because I wasn't sure where she was going, but in the end, the light she shed on national museums' archives was both shocking and influential on her work. I don't want to dwell too much on her own collection because, for me personally, this is the part about which I feel most ambivalent. I appreciate that her library of objects is meaningfully and obsessively collected, as well as being catalyst for her research, but I feel unhappy critically examining her collection here. I merely salute her, and suggest you look at her website.

Wednesday, 21 January 2015

Data Protection and Access to Information: An IALS Lecture


I attended the Institute of Advanced Legal Studies 'Data Protection Act 1984, Freedom of Information Act 2000: thirty and fifteen years on – perspectives on the past and prospects for the future' yesterday evening. The talk, as you'd expect from a university event, was quite academic. I'm used to library/legal events where lawyers/PSLs offer practical solutions to difficult legislation, but it was interesting to hear a different take.

This lecture acknowledged the awkwardness of the various conventions, directives, acts etc., which go to make up the legislative framework of data protection/access to information. There were some interesting insights simply because (shock horror) I'm not aware of the history of data protection, and I had never thought about why 'freedom of information' was actually a complete misnomer. It should be 'a right to access administrative documents' legislation. 

Saturday, 1 June 2013

The Colour of Money; The New Financial Services Regulations

Two of the best things about being in law librarianship for decades are 1. seeing the changes in colours of institutions’ rule books; 2. the learning and relearning of industry acronyms. London Stock Exchange Listing Rules went from being the ‘yellow’ book to ‘that weird aubergine colour’ and the SFA, SIB, FIMBRA, PIA rule books all had their own coloured binders which had to be painstakingly updated by hand. I vaguely remember one of them being green, though the Bank of England reports tended to be a very elegant expensive looking white and gold. However when the FSA overturned these organisations in 2000-01 all their rules were subsumed into the multiple FSA Handbooks (white, purple and pale turquoise green), horrible new binders which would take your thumb off if you let them.