Cross Border Data & Brexit

The Daily Mirror commented on the impending end of the Brexit transition period and SME compliance with any new data protection rules. They have a couple of Govt. officials and ministers saying that people had better get ready. In my linkedin post on the topic, I suggest it might be a  bit late and we still have a moving target because we don’t know if there’s going to be a post transition deal; one is necessary to establish adequacy equivalence while our application for adequacy is considered.

The Mirror story was hooked onto an ICO statement, whose advice is most recently posted here, we should note that the advice does not apply to the US nor Switzerland. Basically they advise creating data exchange contracts with your correspondents, using “standard contractual clauses”. Unfortunately, due to the ruling from the ECJ known as “Schrems II”, contracts will be needed for each correspondent. I am surprised that no-one is offering an aggregator service.

The Schrems II ruling places a big question mark over the US Privacy Shield and thus the Adequacy compliance of the US owned cloud & SAAS providers. I found this summary at Field Fisher’s site.

This ruling declared invalid reliance on the EU-US Privacy Shield as a lawful mechanism for exporting data to the US, due to concerns about surveillance by US state and law enforcement agencies (and with the subsequent effect that the Swiss-US Privacy Shield has also suffered a similar fate in the past day).  It upheld the EU Standard Contractual Clauses (“SCCs”) as a lawful mechanism for data exports, but subject to an assessment of the recipient territory’s laws and the potential need to put in place “supplementary measures” to ensure that exported EU data remains protected to a standard that is “essentially equivalent” with EU law.

This is going to be very difficult and the UK exceptions and law enforcement powers may make Adequacy hard to achieve. Neither the Commission, nor the US Govt want to stop the flows of personal data but the law’s the law and many of the EU’s citizen’s are the children of fascist and stalinist societies and consider privacy and the scale enabled by automation to be real threats to liberty.


The ICO hosts its advice at this page.

Technical Debt

When I first heard the phrase “Technical Debt”, I nearly fell of my chair, but recently, a couple of articles have passed me by and I thought I’d have look and think about if it helps address the intractable problem of maintaining legacy technology, but particularly applications code. The problem is that to make changes, one often has to amend code that’s already in use. This increases the cost of the project. The increase in cost to new projects is part of the “Technical Debt”, however, it’s basically a metaphor. Is the problem one that financial management tools, can be used to improve the understanding of? Does this apply better to code that one has development rights to, rather than packages or infrastructure? Here as every are my notes and links. Continue reading “Technical Debt”

Mucking around until it breaks

This took a lot of time, I decided to see if I could minimise the occurrence of my BSOD “UNEXPECTED STORE EXCEPTION”. This involved reinstalling my anti-virus product, changing it’s passwords and then repairing my fingerprint reader driver as a result of a Code 19 error on my fingerprint reader. FFS! 😡 Here are my notes. Continue reading “Mucking around until it breaks”