Profiling

GDPR engagement of 30+ additional jurisdictions – automated pleadings

Abstract: (1) The GDPR arguably, either directly or indirectly, could engage in a relatively straightforward fashion circa 30 jurisdictions apart from EU and EEA nations; plus some special jurisdictions such as places in northwest Africa, as implied by the Polisario jurisprudence. Pleadings for several such jurisdictional scenarios are explained. (2) My post on Brexit-proofing software contained an example of how jurisdictions might be embedded into a legal architecture artefact. That same example is reused to demonstrate how such pleadings can be...

Read more...

GDPR, IP addresses, and classification – theory and practice

IP addresses can determine jurisdiction - as classically exploited by private and public surveillance agencies, BigTech, other data brokers,  and just about any web site owner. This is well known. As is the fact that such tracking information is key to everyone's commercial efforts to destroy net neutrality and undermine the web. But what does this mean for GDPR compliance? Can it be exploited for classifying individuals' jurisdiction? Should it? What are the pros and cons? Theory (law) I note in passing...

Read more...

GDPR: Can children prevent schools from disclosing grades to parents?

"Can I sue my school for telling my grades to my parents via a website, with the European GDPR law?" This is a question asked of me on Quora some time ago by an "interested" data-subject! Normally I pass on such questions, but this hits a nerve. If you just take out the text “via a website”, we have a more general question I get asked by school and university controllers. It’s therefore also one I sometimes work through in appropriate...

Read more...