Sunday, March 24, 2013

Data Protection: Facebook and the Right Kind of Establishment

Data Protection: Facebook and the Right Kind of Establishment: "Spanish Court (Audienca Nacional) has referred several questions to the Court of Justice of the European Union on the interpretation of Article 4 of Directive 95/46/EC in relation to a dispute between the Spanish Data Protection Authority and Google.[8] In this reference the Spanish Court asks whether a relevant establishment under Article 4(1)(a) exists when a search engine establishes a subsidiary/office in a Member State with the purpose of promoting and selling advertising space on the search engine, which orientates its activity towards the inhabitants of that State and which collaborates with the parent company (in the US) in respect of data protection questions. Furthermore the Spanish Court asked the Court of Justice to interpret Article 4(1)(c) and decide whether there is use of equipment if the search engine uses crawlers and robots to locate and index information" 'via Blog this'

Wednesday, April 21, 2010

Why you should not use Facebook, and nor should government

This site continually flouts its users' security. Don't believe me, enjoy South Park series 14 episode 4!

Tuesday, March 25, 2008

Joel Reidenberg’s article detailing the dubious legality of safe harbors

Also see:
The blog entry on safe harbour:
The report of the European Commission that Joel, I and some colleagues wrote – safe harbors in action:

4 March 1-2 pm Dr Ian Brown Guest Seminar- data protection current issues in the UK

Day: Tuesday
Date: 04-03-2008 (Week 23)
Time: 13:00 to 14:00
Room: LTB B (35) (AV) (PRS)

Dr Ian Brown is a research fellow at the Oxford Internet Institute, Oxford University, and an honorary senior lecturer at University College London. His work is focused on public policy issues around information and the Internet, particularly privacy, copyright and e-democracy. He also works in the more technical fields of information security, networking and healthcare informatics.

Dr Brown is co-Principal Investigator of the Fair Tracing and e-Curator projects, and teaches courses on Information and Society and Information Systems. He is a member of the VOTES project ethics committee and has advised the PRISD, SWAMI, PRISE and PRIME projects. Previously he worked on the PIMMS, CPOSS and CLEF projects and ran the Cambridge-MIT Institute’s Critical Infrastructure Protection working group.

Since 1998 Dr Brown has variously been a director of Privacy International, the Open Rights Group and the Foundation for Information Policy Research and an adviser to Greenpeace and Creative Commons UK. He is a Fellow of the Royal Society of Arts and the British Computer Society, a senior member of the ACM, and has consulted for the US Department of Homeland Security, JP Morgan, Credit Suisse, Allianz, McAfee, the BBC, the European Commission and the UK Information Commissioner’s Office.

Dr Brown’s work has been covered by the BBC, CNN, CBC and numerous newspapers and magazines. In 2004 he was voted as one of the 100 most influential people in the development of the Internet in the UK over the previous decade.


Week 1 LW656 2008

This week, Iread Google’s privacy policy as a way to familiarise yourselves with data protection policy.

Also read Ian Lloyd, IT Law (3rd Edn 2000 4th Edn 2005) Chapter 3 for background, Chapter 4 for next week’s lecture. You will find many copies in the library and either edition is adequate for background.

You should also read a concise explanation of the rise of privacy laws, Colin Bennett (2002) Information Policy and Information Privacy: International Arenas of Governance

Background reading that may be useful is:
Bennett and Raab (2006) MIT Press, The Governance of Privacy, for the policy background.

There is also a useful collection of readings available:

Week 2 seminar focus is the development of privacy law up to the Data Protection Directive 1995.

Data Protection Act implenting EC/95/46

Please read Chap 3 of Lloyd (if you haven’t already) and ESPECIALLY Chaps 4-5.

Note that there are lots of copies of Lloyd in the library – in both the regular and special collections. Let me know BEFORE the seminar of you have problems.

Also note that Part IV of the law relates to exceptions to the legislation:

Do you agree that the scope of the exceptions is too wide? We will answer this question in class.

Tuesday, March 18, 2008

Phorm and the RIP Act - tracing users' data

See the latest coverage including legal opinions on the new adware application that's causing controversy.

Wednesday, March 21, 2007

OECD data protection: enforcement

See report and Working Party home page.

2006 Sources on Data Protection

A Busch (2006) 3 SCRIPT-ed (4) 304 "From Safe Harbour to the Rough Sea? Privacy Disputes across the Atlantic"
J Rauhofer (2006) 3 SCRIPT-ed (4) 322 "Just because you're paranoid, doesn't mean they're not after you: Legislative developments in relation to the mandatory retention of communications data in the European Union"
P Leith (2006) 3 SCRIPT-ed (4) 389 Squeezing Information out of the Information Commissioner: Mapping and measuring through online public registers"
R Bendrath and R F Jørgensen (2006) 3 SCRIPT-ed (4) 355 "The World Summit on the Information Society - Privacy not Found?"
C Ncube (2006) 3 SCRIPT-ed (4) 344"Watching the watcher: recent developments in privacy regulation and cyber-surveillance in South Africa"
C Prins (2006) 3 SCRIPT-ed (4) 270 "When personal data, behavior and virtual identities become a commodity: Would a property rights approach matter?"
Joshua L Colburn (2006) 91 Minnesota Law Review (Nov) 241 "'Don't Read This If It's Not for You': The Legal Inadequacies of Modern Approaches to E-mail Privacy" (Lexis)
Orin S Kerr (2007) University of Chicago Law Review "Enforcing Law Online"
Rebecca Eve Bolin (2006) 24 Yale Law and Policy Review "Opting Out of Spam: A Domain Level Do-Not-Spam Registry"

Monday, March 12, 2007

Reading week 10

In the CMR you will find various articles by Reidenberg - read at least one, and note his comments on safe harbor provisions.

Wednesday, March 07, 2007

.Net Passport and Airline passenger data

In Week 9 we begin our investigation into Safe Harbours, by examining the Microsoft .NET and a US-EU agreement on airline passenger data.

This short Law Review article is useful as a summary of the .NET issue, the EC has a Press Release and the Article 29 Working Party has a Working Document.

On airline passenger data, there is a much longer body of work, with an Opinion of the Article 29 WP in 2003 extending through to a further Opinion in 2007. The 2007 Opinion was necessary because in 2006 the European Court of Justice overturned the 2004 Decision to allow an Agreement with the US: see Joined Cases C-317/04 and C-318/04.