What’s new in ICT law
Andrew CormackJohn Kelly
03/05/2023
What's new in network law?
Safe Harbor/Privacy Shield
»EU Data Protection compliance for exports to US private sector
»Original Safe Harbor ruled inadequate by ECJ, Sept 2015› Largely on basis of Snowden revelations of NSA activity
»US/EU Commission announce “Privacy Shield”, Feb 2016› Article 29 WP expected to report mid-April on PS and other
provisions› Further legal/diplomatic argument likely thereafter
»Model clauses, Binding Corporate Rules, Consent more stable
»Or keep data in EU
» Background» So what does it all mean? (Spring
2018)» Controllers and processors» Data that’s covered» Pseudonymisation» Territorial scope» Notification» One stop shop – how laws are
supervised» Penalties» Filing and record keeping
GDPR - General Data Protection Regulation
22/03/2016
Networkshopp 44
» DPOs» Breach reporting» Consent» Data protection impact
assessments» Data subject rights» Privacy by design and purpose
limitation» Export outside EU» Transfers» Data processors» Digital consent for minors» Exceptions
Incident Response/Breach Notification
»GDPR says prevention/detection/response = legitimate interests› So OK to process personal data subject to balance of interests
»Breach notification a requirement for all controllers & processors› All breaches affecting PD: record breach & response› Risk to rights & freedoms: notify regulator asap (72 hr
expectation)– Nature of breach, consequences, #affected, steps taken/proposed
› High risk to individuals: notify them, in consultation with regulator– Including what they can do to protect themselves
»Also notification requirements on trust services, telcos, infrastructures…
03/05/2023
What's new in network law?
03/05/2023
What's new in network law?
Investigatory Powers Bill
»Covers existing RIPA interception and comms data disclosure
»Also data retention, equipment interference, “technical facilities”› Now extended to any “telecommunications operator”› Not just data you generate or process; only limited by
feasibility»Creates Government powers, not operator duties
› No requirement till you receive an order› Then probably can’t discuss it with anyone else
»Lack of clarity much criticised, including by all Parl’t committees
»Now at Committee stage in House of Commons
»2005 - Fees/cost, time limits, exemptions »2015 - Review launched – 3 central proposed changes»2016 - After 10 years FOI is working well – some
recommendations »IPR and disclosures under FOI – Guidance Feb 2016 »FOI and research information: guidance for HE - 2015
Freedom of information
22/03/2016
Networkshopp 44
jisc.ac.uk
Find out more…
22/03/2016
Networkshopp 44
Andrew CormackJohn Kelly
[email protected]@jisc.ac.uk
Recommended