Whats new in ict law - Networkshop44
Download as PPTX, PDF0 likes2,238 views
The document discusses recent developments in ICT law, particularly focusing on EU data protection compliance and the introduction of the Privacy Shield following the inadequacies highlighted by the ECJ in 2015. It outlines key aspects of the General Data Protection Regulation (GDPR), such as breach reporting, data subject rights, and the obligations of data controllers and processors. Additionally, it touches on the Investigatory Powers Bill and its implications for telecommunications operators.
Whats new in ict law - Networkshop44
- 1. What’s new in ICT law Andrew Cormack John Kelly
- 2. Safe Harbor/Privacy Shield »EU Data Protection compliance for exports to US private sector »Original Safe Harbor ruled inadequate by ECJ, Sept 2015 › Largely on basis of Snowden revelations of NSA activity »US/EU Commission announce “Privacy Shield”, Feb 2016 › Article 29WP expected to report mid-April on PS and other provisions › Further legal/diplomatic argument likely thereafter »Model clauses, Binding Corporate Rules, Consent more stable »Or keep data in EU 22/03/2016 What's new in network law?
- 3. » Background » So what does it all mean? (Spring 2018) » Controllers and processors » Data that’s covered » Pseudonymisation » Territorial scope » Notification » One stop shop – how laws are supervised » Penalties » Filing and record keeping GDPR - General Data Protection Regulation 22/03/2016 Networkshopp 44 » DPOs » Breach reporting » Consent » Data protection impact assessments » Data subject rights » Privacy by design and purpose limitation » Export outside EU » Transfers » Data processors » Digital consent for minors » Exceptions
- 4. Incident Response/Breach Notification »GDPR says prevention/detection/response = legitimate interests › So OK to process personal data subject to balance of interests »Breach notification a requirement for all controllers & processors › All breaches affecting PD: record breach & response › Risk to rights & freedoms: notify regulator asap (72 hr expectation) – Nature of breach, consequences, #affected, steps taken/proposed › High risk to individuals: notify them, in consultation with regulator – Including what they can do to protect themselves »Also notification requirements on trust services, telcos, infrastructures… 22/03/2016 What's new in network law?
- 5. Investigatory Powers Bill »Covers existing RIPA interception and comms data disclosure »Also data retention, equipment interference, “technical facilities” › Now extended to any “telecommunications operator” › Not just data you generate or process; only limited by feasibility »Creates Government powers, not operator duties › No requirement till you receive an order › Then probably can’t discuss it with anyone else »Lack of clarity much criticised, including by all Parl’t committees »Now at Committee stage in House of Commons 22/03/2016 What's new in network law?
- 6. »2005 - Fees/cost, time limits, exemptions »2015 - Review launched – 3 central proposed changes »2016 - After 10 years FOI is working well – some recommendations »IPR and disclosures under FOI – Guidance Feb 2016 »FOI and research information: guidance for HE - 2015 Freedom of information 22/03/2016 Networkshopp 44
- 7. jisc.ac.uk Find out more… 22/03/2016 Networkshopp 44 Andrew Cormack John Kelly Andrew.Cormack@jisc.ac.uk John.Kelly@jisc.ac.uk
Editor's Notes
- #4: Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
- #7: 1. Some History – Is anyone here directly involved in responding to FOI requests on a regular basis? I confess to being an FOI nerd not just because it causes embarrassment to public officials about the cost of refurbishing their offices or the fact that it is used to prise information out of Government such as the fact that British pilots are bombing Syria – But because it has made us all more conscious of records management and information Governance – good information practice and categorisation. 2. Three central proposed changes: charging for the requests, making it easier to refuse requests on cost grounds and giving ministers more powers to veto disclosures so that Whitehall has a safe place where civil servants and ministers can devise policy out of the public eye 3. We were not kept in suspense very long - Commission instigated by Matthew Hancock, the Cabinet Office minister, found that after 10 years, FoI is working well - Some recommendations publish all requests and responses where they provide information to a requestor publish statistics 4. IPR and disclosures under FOI – Guidance Feb 2016 Once disclosed, the information is still protected by IP Intellectual property rights 5. How FOI should be applied to scientific research – particularly pre-publication research information - Different types of information are held by HEIs – information may be of particular public interest; of commercial interest; provided in confidence; or sometimes controversial This guidance provides practical case examples derived from ICO decision notices and Information Rights Tribunal decisions