Right to be forgotten

A convicted German murderer won the right to have all mention of his crime scrubbed from internet search results under 'right to be forgotten' laws (Business Insider)

A convicted murdered in Germany has the right to get all mention of his crime deleted from internet search results under the EU's "right to be forgotten" provision, Germany's highest court has ruled.

The man was sentenced to life in jail in 1982 for murdering two people in 1981, and has tried to get three Der Spiegel news articles naming him as a murderer to be removed from search results since 2009.

A constitutional court in Karlsruhe ruled on November 6 that he has that right, overruling the German federal court which threw out his case in 2012.

LMAO.

Continue Reading
Sunday Paper, Rucksack, Magazine, Camera, Pocket Watch, Notebook, Leather, Range Finder Camera, Camera, Ruck

Sunday Paper - Facebook, GDPR and Ireland, Racism, Brazilian Coffee, Mommy Blogging, Public Transportation and Princeton and the New York City Gateway Tunnel Project, New York City Commuter Tax

Unexceptional Racism by Drew Downs (Drew Downs)

At the root of American identity is an impossible paradox. A truth we wish could coexist so much, we would take up arms to defend it.

We want to be exceptional and equal at the same time. But we can’t. It’s impossible.

Sunday Paper is my personal collage of long-form articles, between 1,000 and 20,000 words, that I have saved during the weekend, that I found interesting and which I think require deep slow thinking. I think they are best read on a Sunday morning as a sort of personal Sunday newspaper. The pastor's writing is a…

Continue Reading

Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions

Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions by an author (Oxford Academic, Journal of Cybersecurity, Volume 4, Issue 1, 1 January 2018)

The notion of consent revocation, or withdrawal, has also been brought into light recently, with many to argue for a right to revoke consent and for a more user friendly and personalized consent mechanism [71–72]. Indeed, when individuals’ are given the opportunity to grant consent to the use of their personal information as a primary mean for exercising their autonomy and to protect their privacy, it should be logical to exist a corresponding option to withdraw or revoke that consent, or to make subsequent changes to that consent [73, 18]. The principle of consent withdrawal within the Human Computer Interaction (HCI) context has been studied in many ethical research projects, with Benford et al. in [74] to underline that in many cases it may be difficult to fully withdraw in practice because the issue of balancing consent, withdrawal and privacy is a very demanding managed task. Whitley in [18] argues further that, since the revocation of consent can mean a variety of different things depending on the circumstances and constitutive purposes that the data are being held for, it is helpful to differentiate between revoking “the right to hold” personal data and revoking “the right to use” personal data for particular purposes. Revoking the right to hold might be implemented by marking a particular record as no longer “being live” or may require the deletion of records and, in extreme cases, it might require deleting data from backups and physically grinding the hard disks. In addition, providing auditable, privacy friendly proof of compliance when and how the revocation has been achieved is a challenge both technologically and legally [18]. For instance, the advancements towards privacy-enabled networks and infrastructures puzzles some academics [75] who afraid that the same mechanisms have been put in place to protect the privacy of data (like de-identification) may actually make it very difficult to trace and remove individual derived data in order to allow participants to withdraw completely their consent and be forgotten. In such situations, as Kaye [75] underscores, it may be only possible to prohibit the entry of new information and samples into the system. Apart from these practical difficulties, there are also economic and public-good arguments for disallowing absolute withdrawal. For instance, in the bio-banking field complete withdrawal could lead to the wastage of resources invested in bio-repositories [75–76] whereas the practice of archiving qualitative research data for substantive secondary analysis can be significantly challenged under the revocation mechanism for withdrawing consent [77]. Due to these immense consequences, many academics and legal experts questioning the concept of consent withdrawal.

Continue Reading

Bird & Bird Guide to the General Data Protection Regulation

Bird & Bird guide to the General Data Protection Regulation by Bird & Bird (Bird & Bird)

The changes which are to be ushered in by the GDPR from Friday 25 May 2018 are substantial and ambitious. The Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and concepts to be introduced such as the ‘right to be forgotten’, data portability, data breach notification and accountability (to call out only a few) will take some getting used to. Even its legal medium - a regulation
not a directive - makes the GDPR an unusual piece of legislation for data protection lawyers to analyse.

 

This guide seeks to summarise the key changes that the new law will bring and to highlight the most important actions which organisations should take in preparing to comply with it.

IANAL. Bird & Bird are.

Continue Reading

Software Development and GDPR

Software Development and GDPR by OISIN HURLEY (OISIN)

Are you in control of the presence of data in your database? Yes. It’s up to you to delete it when requested. Are you in control of the data on your hard drive? Yes. It’s up to you to delete it when requested. Are you in control of the operating system implementation or database implementation of deletion? No. Could you get the data back if you wanted to? Yes – but that’s not part of your usual run of business, so why would you explicitly do that? What if some bad dude steals your hard drive and then rummages through it? Ok, we are getting a little far-fetched here for most businesses that are not keeping special category data, but if this does happen, then you have failed in your security controls.

Continue Reading