Singapore does not have the right to privacy in her constitution. I find her case particularly interesting because Singapore was a British colony up until 1958. The European Convention of Human Rights (ECHR), of which the UK is a signatory, came into force in 1953 [1]. It would be interesting ...

It's the holiday seasons and I decided to build a Tensegrity Hourglass Tower model as a holiday project. Possibly the first in the world. The inverted tripod at the top is "floating" and only attached by twine. Tautline hitch is used to adjust the tension on the 3 sides. The vibration is due to ...

In Lindqvist, the court concluded that uploading data to a hosting provider within the EU where that data is available for access to anyone outside the EU does not constitute a data transfer [1]. The explanation given was that the page did not have the ability to initiate a transmission of that ...

Jan mentioned that data controllers have to ensure "every instance of their personal data is eliminated across all platforms". I believe that is a bit of an overstatement. I would have probably worded it as "every instance of their personal data where processing is authorized by the controller ...

I think there are areas where LastPass has done well and areas where they fall short. Firstly, LastPass's initial communication on August 25 2022 was sent two weeks after detecting a breach, which is reasonably timely considering they needed time to investigate the incident [1]. EDPB guidelines ...

I believe that the legislators drafting the GDPR have taken into account the concept of "behavioral surplus". Both can co-exist as long as companies exercise good judgement in the processing of data. According to Article 5(1)(c) of the GDPR, Personal data processed must be "adequate, relevant ...

According to Recital 32 of the GDPR, "pre-ticked boxes" as well as "inactivity" does not count as consent [1]. Planet49 GmbH v Bundesverband der Verbraucherzentralen was probably one of the cases which set the precedence for what constitutes consent. Planet49 had a pre-ticked checkbox on its ...

I would like to explore Article 9(2)(e) of the GDPR further as the term "manifestly made public" appears to warrant more in depth discussion. An example for such a situation could be an event organizer processing the details of an openly known HIV positive individual to invite that individual ...