Blast from the past

As we all endure the lockdown and the uncertainty about when and how it might end, I have been trying to avoid thinking about the past. It’s tempting to dwell on the last time I went to the cinema (Home, Manchester ironically to watch ‘The Lighthouse’), the last time I went to a pub (Tweedies […]

Read More »

Yas Queen!

One of the features of the GDPR which is superficially similar to the old Data Protection Act but turns out to be quite different is the requirement to provide information about how personal data is being used. The word ‘transparency’ is an inherent part of the GDPR first principle, whereas it was absent from the […]

Read More »

“masterclass in not answering questions”

Just about a month ago, I had a little Twitter disagreement with Paul-Olivier Dehaye, patron saint of subject access requests. He said his tool for making subject access was brilliant and revolutionary, and I said it was shit. There was a bit more to it than that, but I was hoping to make this a […]

Read More »

Zero Gravity

In March, I received an unsolicited email from a company called Gravicus. It was scaremongering nonsense, touting their data management software via the threat of director liability for data breaches. So far, so what: I get a lot of spammy junk from GDPR people to my 2040 Training email address, but this was to a […]

Read More »

Certifiable

The slow progress of GDPR has been agonising. From the beginning, with a series of disputed drafts bouncing around European institutions, we’ve had the fraught last minute negotiations in December 2015, the clouds of doubt cast by the Brexit vote, and finally, through a series of government announcements, apparent confirmation that it was still on […]

Read More »

Advertising standards

This week, the great and the good and some other people descend on Cambridge for the 30th Annual Privacy Laws and Business’ three day Data Protection Conference in Cambridge. It’s a big event, with Data Protection regulators, practitioners and a large collective noun of DP lawyers all milling around St John’s College listening to each […]

Read More »

Fair Cop

The bedrock of Data Protection is fairness. You cannot gain consent without fairness. Your interests are not legitimate interests if they are secret interests. Unless you have an exemption or you claim that telling the person represents disproportionate effort (i.e. the effort of telling outweighs the actual impact), you have to tell the person whose data […]

Read More »

Consenting adults

Around two months ago, the Etherington Review into charity fundraising and governance published a series of recommendations about the way the sector should be run. The most eye-catching and ridiculous is the Fundraising Preference Service, which I wrote about at the time. The reaction to the FPS from charities has been almost universally negative, with a series […]

Read More »