Putting processing that is "necessary" for "direct marketing" as a valid legitimate interest directly into Article 6 of the UK's GDPR Brexit, which has been officially "co-designed with business", really looks disastrous (irrespective of / in combination with the other changes). 
And the phrase "The Secretary of State may" appears 84 times oh my 🥴
...not mentioning the identifiability stuff, the further processing / purpose stuff, the "recognized legitimate interests" stuff, the records-of-processing" stuff, the SAR firewall etc.
publications.parliament.uk/pa/bills/cbill…
...not mentioning the identifiability stuff, the further processing / purpose stuff, the "recognized legitimate interests" stuff, the records-of-processing" stuff, the SAR firewall etc.
publications.parliament.uk/pa/bills/cbill…
Does anyone have an estimate of whether the current changes to "information relating to an identifiable living individual" in the bill effectively enable almost unlimited pseudonymized data processing on steroids or not?
Seriously, couldn't this turn most personal data in today's digital economy into non-personal data, and thus beyond the scope of data protection?
I mean, just take care that you and your partners do not have "reasonable means" they will "likely" use "at the time of processing"?
I mean, just take care that you and your partners do not have "reasonable means" they will "likely" use "at the time of processing"?
If not, why not?
I know I'm a bit late, I really didn't have the chance to follow the development of the UK Data Protection and Digital Information Bill (#DPDIBill) aka GDPR Brexit, and I'm not a lawyer. Probably, others have already written about it more robustly #disclaimer
I know I'm a bit late, I really didn't have the chance to follow the development of the UK Data Protection and Digital Information Bill (#DPDIBill) aka GDPR Brexit, and I'm not a lawyer. Probably, others have already written about it more robustly #disclaimer
And as I understand it, this would enable any business, app or other data controller to rely on LI for any kind of personal data processing including collection for broadly defined purposes such as national security, defence, detecting/preventing crime without any balancing test.
Politicians, elected representatives, candidates, referendum campaigns and almost everyone who 'assists' them could also rely on LI to collect and process personal data on everyone (read: spy on everyone) for 'democratic engagement' without any balancing test, as I understand it.
The more I read the worse it gets 🥴
Regarding LI, 'direct marketing' already made it into the GDPR thanks to lobbyists. The UK bill moves it from recital 47 to Article 6, making it more prominent, but there's still a 'may'.
The 'recognised' LIs are clearly much more dramatic.
Regarding LI, 'direct marketing' already made it into the GDPR thanks to lobbyists. The UK bill moves it from recital 47 to Article 6, making it more prominent, but there's still a 'may'.
The 'recognised' LIs are clearly much more dramatic.
Some more clarifications on the LI stuff:
https://twitter.com/RobertJBateman/status/1633793117945049089
In addition to the 'recognised legitimate interests' in Annex 1, which can be amended at any time by the UK government, there's a similar list of purposes that should be 'treated as compatible with original purpose'.
I guess, removing barriers for businesses to process personal data at scale and share it in the 'public interest' is a perfect fit for outsourcing public services to private firms and other public-private projects from data analytics to surveillance, with Palantir and the likes.
Great analysis on the planned changes of the definition of personal data in the #DPDIBill and on the question to what extent this may push certain data processing beyond the scope of data protection:
awo.agency/files/Briefing…
Micro thread:
awo.agency/files/Briefing…
Micro thread:
https://twitter.com/alawrencearcher/status/1633905582296973318
• • •
Missing some Tweet in this thread? You can try to
force a refresh
