Monthly Archives - April 2018

Identifying Recipients of GDPR personal data – Theory and Reality

Under the GDPR, a data subject must be informed of the recipients or the categories of recipient of their personal data. These two choices are genuine alternatives. The controller can choose. But can that choice resist circumstances? Under the old regime, likewise it was necessary only to specify non-particularized categories. Hence the semantically meaningless rubbish filling up the non-statements of processing held in various supervisory authorities' existing "registration" databases. So, under the GDPR, can we still get away with it? After all,...

Read more...

GDPR, IP addresses, and classification – theory and practice

IP addresses can determine jurisdiction - as classically exploited by private and public surveillance agencies, BigTech, other data brokers,  and just about any web site owner. This is well known. As is the fact that such tracking information is key to everyone's commercial efforts to destroy net neutrality and undermine the web. But what does this mean for GDPR compliance? Can it be exploited for classifying individuals' jurisdiction? Should it? What are the pros and cons? Theory (law) I note in passing...

Read more...