A better privacy policy

M20, from my branch, on making the privacy policy better was moved  by and carried, annoyingly I didn’t make the point powerfully enough that the problem is that the GMB will not permit the use of email for contract purposes if members have opted out of email. The requirement for channel opt-outs precede the GDPR and depending on the privacy policy, an artefact required by the GDPR, means that email cannot be used for correspondence required by the membership contract such as dunning letters, or meeting convening notices, or even elections. The default communication mechanism is real mail. The debate is captured on youtube and starts here with my moving speech

This blog article is best read with [some of], the following documents, the final agenda document, GMB’s Congress page which contains all the documents and the video index is available as a playlist or as individual videos  at the GMB’s youtube channel. This article has been back dated to about the time of occurrence. …

Another Europe, Big Tech and democracy

a cctv camera

This was a webinar called, “The big tech threats to democracy, challenging the oligarchy from Musk to meta” which was hosted by Another Europe. This article consists of the notes I took at the meeting and while I was hoping to improve my notes on the speakers contributions by reviewing the video, I am unsure if this will become available.  It also consists of the notes I used for my contribution as I was asked to speak from the floor. I made this article because I think it was the first time I argued for the need for joining the single market to participate in the EU’s democracy shield and digital market regulation regime. This article has been back dated to the day after the day of occurrence. I have tried to ensure that comments that became obvious or were impacted by events after the seminar, are presented as foot notes.For more, see below or overleaf … …

An AI prosecutor?

An image of a robot in black and white

I wrote a Linkedin an article called an AI prosecutor. In it I say,

The problem with modern software is much of it is inference, and completely unsuitable for “beyond reasonable doubt”. It’s also opaque and likely to fail the tests around if it returns popular vs accurate and authoritative results. It’s often wrong and arguably a bullshitter. The EU’s GDPR introduced the right to freedom from profiling, which means a freedom from being processed automatically by computers. This is an important barrier.

This is my first written declaration that that the GDPR’s “freedom from profiling” is a crucial defence of humanity against the machines.

My alarm about the consultation was probably unnecessary.  …

Data-driven campaigning: how and why do political parties do it?

Data-driven campaigning: how and why do political parties do it?

I attended a lecture last week, it was advertised by its conveners on twitter. The lecture was videoed and I am expecting the video to be posted on Youtube. I’ve made some notes, some about what the lecturers said and some about the thoughts they provoked.  I try to offer some value on this blog, however much of this article is reporting the views of the three lecturers;

The lectures argue there's little to worry about; I disagree and quote the ICO and the DCMS select committee to back up my thoughts. They suggest that Gen-AI is not yet in use and suggest that Fake News does not have much effect. i suggest that Fake News reinforces prejudice and drives out reasoned policy analysis. I conclude that there are common practices that need better regulation. Regulation's weakness is based on powers and accountability in the case of the Electoral Commission, a lack of will in the case of the ICO and a lack of resources and independence in the case of ONS. I hope there’s enough of what I say to be worth the read. Please use the 'Read More' button to view the complete article which is about four pages long ...

What the CoFoE thinks about citizen privacy

What the CoFoE thinks about citizen privacy

The Conference on the Future of Europe, Democracy and Rule of Law panel has generated 39 recommendations to improve the EU’s Democracy and compliance with the Rule of Law. Three of these related to Privacy and one to Cybersecurity. I have drafted a response for CTOE, which I hope will become part of their response but did not form part of their first response, which is fortunate since I changed my mind slightly. The article, overleaf, covers regulations and sanctions, equality of arms, and enforcement and political will. ...

A note on Data Protection Officers

A note on Data Protection Officers

Data Protection Officers roles were revised by GDPR and the member state implementations. Here is a reminder for those that need it.

Article 37 states that a processor or controller requires a DPO if it is a public authority, if it requires regular sys systematic monitoring of data subjects on a large scale or if it processes special data.

A DPO may work for multiple companies, but Article 38 requires the DPO to be adequately resourced and supported.

The DPO must be appointed on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks specified in the GDPR Article 39.

Article 38 states that the DPO must be involved in in all issues which relate to the protection of personal data, be properly resourced to perform their duties and to maintain their professional expertise, not receive instructions on the conduct of their duties, not be dismissed for doing their job, and report to the highest levels of management.

The tasks of the role are defined in Article 39, the job is to advise the highest levels of management on their obligations, to monitor compliance including the assignment of responsibilities,  training and operations’ audits, to assist and monitor the data privacy impact assessments, to cooperate and act as a contact point for the supervisory body, in the UK, the ICO.

I have used the EU text as the source of my summary and is reproduced overleaf/below ...

This post was originally posted at linkedin.

More Brexit missed or almost missed deadlines

More Brexit missed or almost missed deadlines

This article, or one very similar to it first appeared on AEIP's Brexitspotlight. The 3rd deadline of the post Brexit Future relationship passed on the 30th June. The deadlines were on the issues of cross border data adequacy, northern Irish meat product movement, the end of equivalence for share depositaries and the end of the grace period to allow EU citizens resident in the UK to apply to stay. It looks like the security depository equivalence was sorted in Sept. 2020 and the EU have granted a three month extension on moving chilled meat from Great Britain to Northern Ireland as required by the treaty’s Northern Ireland protocol[1]. The Commission flagged the agreement of a data adequacy ruling earlier in the year and finally agreed it with two days to go. The parliament is more sanguine. The EDPB is also more cautious, and we expect the CJEU to be so too. Whenever the CJEU has ruled, it has ruled in favour of citizens, whereas the ECtHR gives nation states significant leeway. For more see here, or read more ....

Privacy Regulation

Privacy Regulation

I wrote a little piece on my linkedin blog on the EU Commission’s proposal to agree a data “adequacy” agreement. I point out the next set of hurdles, although I downplay the likelihood of any intervention by the CJEU but note that not was critical in striking down the original EU/US “Safe Harbour” agreement. I note that one threat to its renewal at the end of its four year live is the desire and plans of the British Govt to depart from the current legal protections which are based on the EU’s GDPR. For more, see overleaf or below. … …

Automating the professionals

Automating the professionals

I attended a seminar the other day which raised some questions in my mind about the next and prior waves of automation, the location of value creation and the legal/social barriers to adoption. Much is spoken of the use of artificial intelligence to augment or replace professional workers and this note briefly looks at this. It examines the nature of decisions and the need to transparently serve a human rights agenda, the question of regulation and assessment by one’s peers, and why it’s so hard to organise Trade Unions amongst the software authors. …