UEA Law School

Blogs are permeating most niches of social life, and addressing a wide range of topics from scholarly and political issues1 to family and children’s daily lives. By their very nature, blogs raise a number of privacy issues as they are easy to produce and disseminate, resulting in large amounts of sometimes personal information being broadcast across the Internet in a persistent and cumulative manner. This article reports the preliminary findings of an online survey of bloggers from around the world. The survey explored bloggers’ subjective sense of privacy by examining their blogging practices and their expectations of privacy when publishing online. The findings suggest that blogging offers individuals a unique opportunity to work on their self-identity via the degree of self-expression and social interaction that is available in this medium. This finding helps to explain why bloggers consciously bring the ‘private’ to the public realm, despite the inherent privacy risks they face in doing so.

The EU Directive 95/46/EC specifically demarcates categories of sensitive data meriting special protection. It is important to review the continuing relevance of existing categories of sensitive data in the light of changes in societal structures and advances in technology. This paper draws on interviews with privacy and data protection experts from a range of countries and disciplines and findings from the Information Commissioner’s annual telephone survey of the British public in order to explore satisfaction with the current categories of sensitive data. It will be shown that the current classification of sensitive data appears somewhat outdated and thus ineffective for determining the conditions of data processing. Finally, possible reform proposals will be reviewed, including a purpose-based approach and context-based approach.

Cloud computing technology promises to revolutionise business models for data processing, dissemination and storage, through on-demand, low cost, Internet-based computing services. Indeed, analysts estimate that within the next five years, the global market for cloud computing will grow to $95 billion and that 12 per cent of the worldwide software market will move to the cloud in that period.  However, unless companies providing or using cloud computing models can adequately reassure individuals that their data will be accessible and the privacy of their data will be safeguarded, consumers may not permit their data to be processed in this way, and businesses may find themselves constrained in their choices of IT services.  This chapter begins by exploring the technological and business capabilities of cloud computing before examining the contractual, privacy and data protection concerns generated by this advance in computing, and assessing the adequacy of current EU laws, in order to determine whether the promised cloud computing economic silver linings are threatened by legal storm clouds.

The response rates to traditional survey methods - postal and telephone - have been in decline over the past decade, and for many types of research are not cost effective.
The session focused on the potential advantages of using an online survey to collect data, as if it is used innovatively, for example, promoted through YouTube and through high-profile bloggers and discussion boards, it can become self-promoting and generate high levels of responses

This paper outlines the findings from an action research study conducted at Salford Law School; reporting the responses of students to the inclusion of an electronic voting
system (hereafter referred to as ‘clickers’) in large group Undergraduate Public Law
lectures.
The paper begins reflecting upon my current lecture practice in the context of existing
literature and by reviewing feedback from previous cohorts of students. This reveals that the traditional, didactic lecture style, commonly employed by law lecturers in the UK has been criticized for fostering student passivity and resulting in surface learning
(Ramsden, 1992). In contrast, studies carried out in pure science disciplines; medicine, engineering and mathematics (Hake, 1998; Crouch and Mazur, 2001) indicate positive results from use of clicker quizzes, in terms of increasing student interaction and engagement.
Accordingly, I decided to incorporate clicker quizzes into lectures, and measure student
responses to this change in teaching practice. The findings indicate that clicker usage
increased student interaction and engagement. This study concludes that clickers
should be used on an ongoing basis in Public law lectures, and also indicates positive
support from students regarding the use clickers in other undergraduate law subjects.
Furthermore, although the findings from this action research study are not
generalisable, the responses suggest that clickers could be an effective teaching tool in
large group sessions in other disciplines, since they replicate findings from previous
studies in other disciplines.

In this article, Dr Mc Cullagh examines whether the Freedom of Information Act 2000 (FOIA) and Freedom of Information (Scotland) Act 2002 (FOISA) are fit for purpose as they enter their second decade. A two-fold approach is used to make this determination. Firstly, an assessment of the degree of compliance of both Acts against a set of UN endorsed principles is undertaken. This reveals that neither Act is fully compliant with the normative principles. Secondly, the Acts are compared against each other. The comparative analysis demonstrates that the Acts are creatures of their respective parliaments and that their evolution has been shaped by the distinct political cultures in which they operate. It concludes that at present FOISA offers stronger information rights but that both Acts should be amended to ensure full compliance with the UN endorsed principles if both jurisdictions are to have information rights that are fit for purpose as they enter their second decade.

Edinburgh Law Review: http://www.euppublishing.com/doi/10.3366/elr.2017.0389

Following the outcome of the historic 'Brexit' referendum on 23 rd June 2016 in which a majority of eligible voters in the UK voted to 'Leave,' the United Kingdom is potentially on course to leave the European Union, but to ensure continued economic success it will seek to maintain a favourable trading relationship with the EU. This article identifies and critically evaluates the various types of trade deals the UK might negotiate upon exit with a particular focus on trade in services since financial and digital services are key components of the UK economy. It also offers both pre and post exit guidance on the data protection permutations of each type of trade deal and concludes that post-withdrawal, the UK should ensure that its data protection law is fully compliant with Regulation (EU) 2016/679. Forging its own data protection path could lead to isolation.

Almost 20 years ago, the first social networking site (“SNS”) was launched
in the U.S. Whilst developers originally intended for SNSs to be used by
adults—which they are—they have also become an integral communication
platform in the lives of many children in EU Member States. Sharing personal information on SNSs is now a routine activity for many children and, whilst they are computer literate in a way that their parents are often not, a number of concerns have emerged. One of these concerns is that children are vulnerable since they lack the capacity to consent to the terms of SNS membership agreements regarding the processing of their personal data. A further concern is that children’s naïve confidence sometimes leads them to take risks—by sharing information about themselves—that adults would not take. This is particularly concerning as children may be ignorant about the fact that their profile and behavioural data is sold to data brokers who use that information to produce targeted adverts—and that these adverts may display age inappropriate content or even may not by recognised by the children as adverts.1
Directive 95/46/EC2 regulates the processing of the personal data of
EU citizens, including personal data posted on SNSs. Problematically, it
was drafted in a pre-SNS era and neither makes reference to children nor
considers them vulnerable data subjects whose personal data should be
subject to more stringent processing rules. The absence of specific legal
protection for children’s data on SNSs sparked concerns that children were
ignorantly disclosing personal data and being exposed to profiling and
advertising without adequate privacy and data protection safeguards in place. In response to these concerns, provisions aimed at safeguarding children’s privacy and data protection rights have been included in Regulation (EU) 2016/679 (hereafter “GDPR”),3 which will come into force on 25 May 2018.
This chapter provides a critical evaluation of the forthcoming measures to
address a knowledge gap that exists because of the novelty of these provisions and the fact that scholarship in this area is currently underdeveloped.4 It begins by providing an overview of SNSs and the problems posed by underage children’s access to them. In this regard, it will illustrate that the biological and psychosocial developmental changes that children experience as they progress through their teenage years and develop their capacity for freedom of expression makes them vulnerable to impulsive personal information disclosures and privacy invasions. After this, an exploration of the current legal protections for children’s privacy on SNSs from the perspective of privacy as information control will highlight deficiencies in Directive 95/46/EC. This leads to an analysis of the measures in the GDPR to determine whether they will, when introduced, realise the twin goals of legitimising the processing of children’s personal data and, at the same time, protecting their fundamental privacy and data protection rights. The compatibility of measures in the GDPR with provisions in the United
Nations Convention on the Rights of the Child (1989) (“the UNCRC”)
and the Charter of Fundamental Rights of the European Union (2000)
(“the EU Charter”) is considered as these provide a normative framework
for evaluating children’s legal rights. To comply with both legal frameworks,
data protection measures in the GDPR governing children’s activities on
SNSs should recognise their evolving capacity for freedom of expression
and privacy. This would allow them to express themselves with appropriate
safeguards in place, ensuring that their best interests are protected and that they are not subject to economic exploitation through activities such as profiling and advertising without consent. Specifically, the analysis presents a critical evaluation of the introduction of an age threshold, below which children are deemed to lack capacity to consent to the processing of their personal data; the conceptual coherence of relying on parental consent for children under the threshold age; the practical implications of Member States being permitted to set the threshold age within a range of ages; and the practical challenges posed by relying on verified parental consent.
The chapter concludes that measures in the GDPR are compatible
with provisions in the UNCRC and the EU Charter but that a number of
practical challenges remain unsolved. For instance, allowing Member States to set the threshold age means that the goal of simplifying and harmonising the regulatory environment for SNSs operating on a transnational basis will not be fully realised. Equally, reliance on parental consent and the consent of children over the threshold age is conceptually coherent, but it is dependent on the introduction of low-cost age-verification mechanisms being integrated into SNSs. It is also dependent on child data subjects (or their parents) being digitally literate enough to give unambiguous, specific consent to the processing of their personal data. Relatedly, whilst the GDPR includes measures to promote and increase the digital literacy of both parents and children, it remains to be seen how effective these will be in practice. For these reasons, the GDPR is an improvement on Directive 95/46/EC, but only a partial success.

An analysis of the European Court of Justice preliminary ruling in Case C-230/14 Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság Hatóság, on the interpretation of two important aspects of Directive 95/46/EC, namely, the applicable law, and territorial reach of national data protection authorities. The Court ruled that the data protection legislation of a member state may be applied by the national data protection authority to a foreign registered company which exercises, through stable arrangements, real and effective (albeit minimal) activity in that member state; a ruling that potentially increases compliance costs for entities operating across multiple European jurisdictions pending the introduction of the proposed General Data Protection Regulation.

The Freedom of Information Act 2000 ('FOIA') came into force on 1 January 2005. It created, for the first time, a statutory right of access to information held by a wide range of public authorities. The right of access extends to all information held, regardless of how old the information is and the format in which it is held, unless one of the absolute exemptions listed in the Act is applicable, or the public interest test for disclosure is not satisfied in respect of a qualified exemption. Significantly, the Act also contains a power of ministerial veto, the effect of which is that orders to disclose information under the Act are rendered ineffective if a minister certifies that they have "reasonable grounds" for having formed the opinion that non-disclosure would not be unlawful. Prior to R (on the application of Evans) and another v Attorney General, [2] there was a lack of certainty regarding what constituted 'reasonable grounds' for the issuance of a ministerial certificate. As well as clarifying the threshold for reasonable grounds for issuing a veto, this judgment also engages in a discussion of the relationship between three fundamental constitutional principles: the rule of law, separation of powers and parliamentary sovereignty to determine the extent to which it is legally and constitutionally legitimate for a court exercising powers of judicial review to strike down a Government Minister's decision made under powers granted by Parliament to overturn an independent judicial tribunal's judgment. Thus, the decision is of interest to those seeking to assess its potential contribution to discourse on common law constitutionalism.

Following the outcome of the historic ‘Brexit’ referendum on 23 June 2016 in which a majority of eligible voters in the UK voted to ‘Leave’, the
UK is potentially on course to leave the European Union (EU), but to ensure continued economic success it will seek to maintain a favourable trading relationship with the EU.
This article identifies and critically evaluates the various types of trade deals the UK might negotiate upon exit with a particular focus on trade in
services since financial and digital services are key components of the UK economy.
 It also offers both pre- and post-exit guidance on the data protection permutations of each type of trade deal and concludes that post-withdrawal, the UK should ensure that its data protection law
is fully compliant with Regulation (EU) 2016/679. Forging its own data protection path could lead to isolation.