18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation...
Transcript of 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation...
![Page 1: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/1.jpg)
UpdateFebruary2017
18/02/18 GeneralDataProtectionRegulation(GDPR)
![Page 2: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/2.jpg)
NewGuidance1
Art29WPDraft:Consent» Reinforcesthenarrowcircumstancesinwhichconsentwillbevalid
Art29WPDraft:Transparency» Prettymuchare-statementofwhattheGDPRitselfsays
ICODraft:Children’sdata(consultationtill28thFeb).ForInformationSocietyServices:» Ifusingconsent:“reasonableefforts”toeithergetfromparentorexcludechildren» Agethresholdfor“children”variesacrossEUL» Evenifnotusingconsent:child-friendlynotices,rightsprocesses,etc.(“cartoons”)
GDPRUpdate:LINX100 2
![Page 3: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/3.jpg)
NewGuidance2
Art29WPFinal:Profilingandautomateddecision-making» Significantimprovementon2017draft» Thresholdisnowrefusalofcitizenship,socialbenefit,etc.(notcycle-hire)» Stillaban(notanexercisableright)onfullyautomateddecisionsatthatlevel
Art29WPFinal:Breachnotification…
ICOFinal(undereIDAS/digitalsignaturesRegulation)» Breachnotificationandrisk-basedsecuritydesign:likeGDPR,but24hourstoreportEuropeanCommission» Infographicstoinformindividuals&organisations» To-dolistformemberstates(justtwohavelegislated)
GDPRUpdate:LINX100 3
![Page 4: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/4.jpg)
MissingGuidance
Finalversionsof» Art29:Consent» Art29:TransparencyStillpromised(otherthanafewparasontheICOwebsite):» ICO:DataProcessorcontracts» ICO:Accountability,includingdocumentation
GDPRUpdate:LINX100 4
![Page 5: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/5.jpg)
LegislativeProgress(DataProtection)
DataProtectionBill(UK)» FinishedHouseofLords» ArrivedinHouseofCommons18thJan
ePrivacyRegulation(EU)» EUParliamentagreedon168requiredamendments› Mostlymorerestrictive,butallowmoreprocessingforsecurity» EUCouncilexpecttobeworkingonitin2H2018
GDPRUpdate:LINX100 5
![Page 6: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/6.jpg)
LegislativeProgress(NISDirectivetransposition)
DigitalInfrastructure(nowconsideredan“essentialservice”,liketraditionalCNI)– TLDregistries(>2Bq/d),– DNSresolvers(>2Mclients/day),DNSnameservers(>250Knames)– IXPs(>50%shareorroutes)
› Regulator:OFCOM› Mustimplement14principles/NCSCCAF› Year1:analyserequirements,gapanalysis,planremedialaction› IncidentthresholdsTBA(users,duration,extent)maybedependency,impact
» DSP(marketplace,searchengine,cloud(elastic&shared))› Regulator:ICO› RequirementssetbyEU:Commissiondraft31/1/18– Reportincidentif>1Muser-hours,100Kusers,€1Mdamage,lossoflife
GDPRUpdate:LINX100 6
![Page 7: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/7.jpg)
Thanks
7
AndrewCormackChiefRegulatoryAdviser,[email protected]://community.jisc.ac.uk/blogs/regulatory-developments/tags/Data-Protection-Regulation
Exceptwhereotherwisenoted,thisworkislicensedunderCC-BY-NC-ND
![Page 8: 18/02/18 General Data Protection Regulation (GDPR) · ICO Draft: Children’s data (consultation till 28th Feb). For Information Society Services: » If using consent: “reasonable](https://reader034.fdocuments.us/reader034/viewer/2022050206/5f5987976185dd16d038e38a/html5/thumbnails/8.jpg)
References
Article29WP:» http://ec.europa.eu/newsroom/article29/news.cfm?item_type=1358
ICO:» Children
https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/children-and-the-gdpr-guidance/
» eIDAShttps://ico.org.uk/for-organisations/guide-to-eidas/NISDirective» https://www.gov.uk/government/consultations/consultation-on-the-security-of-network-and-
information-systems-directive(UKtransposition)» http://ec.europa.eu/info/law/better-regulation/initiatives/c-2018-471_en(ECDSPrequirements)
Myblog:» https://community.jisc.ac.uk/blogs/regulatory-developments/tags/Data-Protection-Regulation
EarlierpresentationsfromLINX98/9
GDPRUpdate:LINX100 8