CNIL DPO accreditation

Well I was pretty impressed that France seemed to be the first on the block to get some kind of official recognition for the DPO role. Organisations which train and certify DPOs can apply to be on their list of accredited organisations. Great I think. We need to apply... in 'we' I mean Privasee of … Continue reading CNIL DPO accreditation

Is it proportionate to track your employees?

I have never worked in a call-centre, having sat at Level 2-3 IT support in my younger days, but I've worked very closely with first-line support and felt the pressure that they are under. Their challenge is process as many calls as possible in shortest time, yet maintain quality. This means that the driver to … Continue reading Is it proportionate to track your employees?

Smart-home devices: 3rd-party privacy risks

Rewind to 1996 when I landed a job at Cern in Geneva and started a phase of my life which changed me forever. One of the exceptional engineers I met (Ivan) had configured his home into a primitive version of the 'smart-home' although it wasn't called that then. Everything was connected to a dashboard. He … Continue reading Smart-home devices: 3rd-party privacy risks

To publish pictures of your kids can become illegal in Sweden

More on kids, and Sweden is ahead of the trend as is normal on children's rights. There is a new law (barnkonventionen svensk lag) being discussed which looks as though it will be effective in 2020 which basically means that parents are not permitted to post pictures of their children online without their permission. This … Continue reading To publish pictures of your kids can become illegal in Sweden

Tracking kids in schools

Seems the school sector has gotten cold feet on the use of tracking technologies in schools. Since the decision by the Swedish SA on the use of facial recognition biometrics, other schools are following suit. A right to feel safe vs. a right to a private life - both human rights The question is that … Continue reading Tracking kids in schools

Fine SEK200k on use of facial recognition in Swedish school

Finally some action in Sweden! The ruling is in Swedish, but to summarise the school was using facial recognition on its students. Facial recognition is biometric data, hence sensitive (special categories of data in the GDPR). They used consent as the legal basis but this was considered as unlawful due to the imbalance of relationship … Continue reading Fine SEK200k on use of facial recognition in Swedish school

GDPR SAR exploit…. nah

Thanks to Matt Palmer for bringing this article to my attention, and there has been some Twitter activity on this... but I'm not very active on Twitter... maybe I should.. Anyhow, the claim is that the GDPR was exploited to get personal data via rights exercised by the data subject, but in this case it … Continue reading GDPR SAR exploit…. nah

SARs deadlines

An excellent blog post concerning guidelines from UK ICO on responding to SARs. In short the important bits are: You have a single month to respond to the SAR from the date of receipt until the same date the following month, if it's the last day of the month, it is the last day of … Continue reading SARs deadlines


Cookies has always been a topical subject. If you are overweight and eating a cookie, 'shame on you', although the blue cookie monster, basically made cookies eating, in whatever way fashionable much to our relief. Although one could liken the way the cookie monster eats his cookies to the way cookies are haphazardly thrown onto … Continue reading Cookies!

Digital discrimination is a reality whereby cash is no longer king

As with any form of discrimination, you are deprived of choice, and the right to choice is a human right. The "cash is king" society is being replaced with digital money. What this means is that a large mass of individuals are marginalised because they don't have money in the bank, but they may have … Continue reading Digital discrimination is a reality whereby cash is no longer king