Identifying Recipients of GDPR personal data – Theory and Reality

Under the GDPR, a data subject must be informed of the recipients or the categories of recipient of their personal data. These two choices are genuine alternatives. The controller can choose. But can that choice resist circumstances? Under the old regime, likewise it was necessary only to specify non-particularized categories. Hence the semantically meaningless rubbish filling up the non-statements of processing held in various supervisory authorities’ existing “registration” databases. So, under the GDPR, can we still get away with it? After [...]


GDPR: Can children prevent schools from disclosing grades to parents?

“Can I sue my school for telling my grades to my parents via a website, with the European GDPR law?” This is a question asked of me on Quora some time ago by an “interested” data-subject! Normally I pass on such questions, but this hits a nerve. If you just take out the text “via a website”, we have a more general question I get asked by school and university controllers. It’s therefore also one I sometimes work through in [...]