Monday, 19 September 2016

Privacy Shield – history, key links

This blog contains a chronology and key official links regarding the EU-US Privacy Shield, which replaced the EU-US Safe Harbor scheme, as a resource for ease of historical reference. As I’m UK-based, this inevitably has a UK slant, so any suggestions of further links would be welcome. (I aim to record official links only, not links to news stories, unless they provide useful information not available officially.)

Snowden’s revelations of mass surveillance by US and other countries’ intelligence or security authorities kickstarted Safe Harbor’s demise and its replacement by the Privacy Shield. With a few exceptions, the chronology below starts with the Schrems ruling by the Court of Justice of the European Union (CJEU) on 6 October 2015, where the CJEU invalidated the EU-US Safe Harbour framework.

The links in this blog are up to date as of 6 August 2017.

Key current links


  • Challenges to the Privacy Shield are in progress before the Court of Justice of the EU: by Digital Rights Ireland (Case T-670/16) and La Quadrature du Net & others (Case T-738/16)


European Commission:

  • Privacy Shield webpage
  • See also the 12 July 2016 entry (in red) in the Chronology below, for Commission and US links on the finalised Privacy Shield framework.

European Parliament:


  • Privacy Shield Joint Review, WP29 letter to Commissioner Jourová, 15 June 2017
  • Preparation of the Privacy Shield annual Joint Review, WP29 press release 13 June 2017 - lists WP29's key concerns: legal guarantees regarding automated decision making, any DoC guidance on the application of the Privacy Shield principles to organisations acting as agents/processors, definition of human resources data; evidence that bulk collection, when it exists, is “as tailored as feasible”, limited and proportionate, information on the nomination of the four missing members of the PCLOB, the appointment of the Ombudsperson and procedures governing the Ombudsperson mechanism
  • Feedback from the visit of Working Party 29 Chair, Isabelle Falque-Pierrotin to Washington, WP29 press release, 5 April 2017 - emphasis added:
    • "...The FTC and the Ombudsperson reiterated their general support to the Privacy Shield and their willingness to help the European Commission and the WP29 in their annual review. However, some of the key functions in the Privacy Shield architecture still need to be definitely appointed following the US election (Ombudsperson, FTC commissioners and PCLOB members). In addition, the organization of the annual review must be discussed in depth and in detail with the US authorities especially regarding access to documents. In that regard, Isabelle Falque-Pierrotin recalls that the objective of this annual review exercise is to verify through concrete evidences if US commitments under the Privacy Shield are fulfilled. It is essential that US authorities provide substance and demonstrate to EU stakeholders that the system is in place and works effectively so that this instrument ensures real and effective protection to EU data according to EU standards. The civil society expressed its concerns on the current context at national level especially on the renewal of Section 702 and on the overturn of FCC broadband privacy rules. The US Business industry supports the Privacy Shield as a solution bringing legal certainty to their transfers of data from the EU. In this context, the WP29 engaged at this plenary the discussions with the Commission as regard the organization of the joint review."
    • Visit of Working Party 29 Chair, Isabelle Falque-Pierrotin, in Washington, WP29 press release, 31 March 2017
  • Form for submission of requests to the US Ombudsperson
  • Rules of procedure for the submission of requests to the Ombudsperson via the “EU Centralised Body” under Rec.119 Shield Decision and Annex III on Privacy Shield Ombudsperson mechanism
  • Rules of procedure for the informal panel of DPAs under Rec.49 Shield Decision & supplemental principle III.5 (Operation of DPA Panels), Annex II
  • Complaint form for submitting commercial related complaints (i.e. complaints about US organisations under the Privacy Shield) to EU DPAs
  • EU-US Privacy Shield - FAQ for European Individuals - wp246
  • EU-US Privacy Shield - FAQ for European Businesses - wp245

Pinsent Masons note on the final Privacy Shield (full disclosure – I was involved in this).

Chronology (reverse order)

For abbreviations, see the end.

31 March 2017

EU-U.S. data flows and data protection: opportunities and challenges in the digital era: speech by Commissioner Jourová in Washington D.C., announcing the first joint annual review of the Privacy Shield for September 2017.

29 March 2017

Announcement of Commissioner Jourová's visit to Washington D.C. to discuss, inter alia, the Privacy Shield.

27 January 2017

Taking data protection into a digital and globalised era: Joint Statement by Vice-President Ansip and Commissioner Jourová ahead of the 2017 Data Protection day, including: "Now, over 1700 companies have signed up to the Privacy Shield, with 700 further applications in the pipeline. We will continue to promote our data protection values at international level. This is why we will actively engage with key partners, such as Japan and South Korea, to reach adequacy decisions."

31 Oct 2016

Re-certifications under Safe Harbor will no longer be accepted (see US Department of Commerce Safe Harbor webpage).

19 Sept 2016

Subscribers to Privacy Shield as at this date (see the list) include, among cloud providers, Amazon, Google, Microsoft, Salesforce and Workday, but not yet Dropbox, Facebook, IBM or Twitter.

2 Aug 2016


1 Aug 2016

Privacy Shield Framework in force.


US Department of Commerce note about commencement date (on old Safe Harbor webpage)

26 July 2016


  • Press release – statement on the decision of the European Commission on the EU-U.S. Privacy Shield, noting:
    • the continuing lack of ‘specific rules on automated decisions and of a general right to object’
    • lack of clarity regarding how the Privacy Shield’s principles apply to processors
    • guarantees regarding the Ombudsperson were less strict than ‘expected’
    • lack of ‘concrete assurances’ that US authorities do not engage in mass indiscriminate data collection (despite ODNI’s commitment not to do so)
    • the first joint annual review of the Privacy Shield will be a ‘key moment’ for assessing its robustness and efficiency, and the review’s results regarding US authorities’ access to data transferred under the Privacy Shield ‘may also impact’ mechanisms such as SCCs and BCRs
      • Does this imply that most DPAs will hold off from taking action regarding SCCs or BCRs until the first annual review?

12 July 2016

Privacy Shield adequacy decision adopted by Commission.


US Department of Commerce:


  • Criticism by Max Schrems and MEP Jan-Philipp Albrecht, Irish Times

8 July 2016

Art. 31 Committee meeting approving Privacy Shield.


Art. 31 Committee:

1 July 2016


30 May 2016

European Data Protection Supervisor (EDPS):

26 May 2016

European Parliament:

25 May 2016


  • Irish Data Protection Commissioner announces it is to refer the validity of SCCs to the CJEU
    • Note: the model clauses Decisions suffer from the same flaw regarding DPA powers as the Safe Harbor Decision, see Schrems summary below, and the Commission has not corrected that defect despite its November 2015 Communication (see below), so the SCCs Decisions could well be invalidated on that basis alone, regardless of US surveillance issues

13 April 2016

WP29 issued its opinion on draft Privacy Shield documents and a document on essential guarantees regarding state surveillance.


  • Press release - statement on the opinion on the EU-US Privacy Shield
  • Opinion 01/2016 on the EU–U.S. Privacy Shield draft adequacy decision (WP238):
    • ‘Significant improvements’ over Safe Harbour, but 3 key concerns…
      • no obligation to delete personal data that had served its purpose
      • no full exclusion of massive and indiscriminate data collection; and
      • the sufficiency of the proposed Ombudsperson’s powers and independence.
    • Also:
      • key EU data protection law principles were not reflected in the draft Shield documents (notably purpose limitation, data retention/deletion and automated decision-making)
      • ‘onward transfers’ were ‘insufficiently framed’, especially their scope, purpose limitation and ‘guarantees’ applying to transfers to agents
      • the proposed new recourse mechanisms seemed difficult for individuals to use and needed further clarification; and
      • the draft decision contained only limited information regarding the complex issue of access to Privacy Shield data by US law enforcement authorities.
    • The Privacy Shield will need review after the GDPR becomes applicable in 2018.
  • Working Document 01/2016 on the justification of interferences with the fundamental rights to privacy and data protection through surveillance measures when transferring personal data (European Essential Guarantees) (WP237) - 4 essential guarantees regarding intelligence activities, based on Schrems and other relevant EU and European Court of Human Rights case law:
    1. Clear, precise, accessible rules for processing, enabling individuals to have reasonable foreknowledge of what might happen to their personal data
    2. Demonstrating necessity and proportionality regarding the legitimate objectives pursued (generally national security)
    3. An independent, effective oversight mechanism; and
    4. Effective remedies for individuals before an independent body.

18 Mar 2016

European Parliament:

29 Feb 2016

Draft Privacy Shield documents released.




11 Feb 2016


3 Feb 2016


2 Feb 2016

Political agreement between EU and US on new Privacy Shield.




6 Nov 2015

Commission Communication on the Transfer of Personal Data from the EU to the United States of America under Directive 95/46/EC following the Judgment by the Court of Justice in Case C-362/14 (Schrems), COM(2015) 566 final

  • Model clauses (SCCs) and BCRs still usable for transfers to US; also derogations
  • The Commission is ‘shortly’ preparing a decision, to be adopted pursuant to the applicable comitology procedure, replacing the provision limiting DPAs’ powers (one of the bases on which the Schrems court invalidated the Safe Harbour Decision) in all existing adequacy decisions (pgs. 14-15)
    • No such decision has been issued as at 19 September 2016

27 Oct 2015


  • The US Safe Harbor – breached but perhaps not destroyed!
    • There is still a measure of protection for personal data transferred under the scheme – the privacy principles that members sign up to are still positive, for instance. But the assurance that meant Safe Harbor was automatically considered to provide the adequate protection required under the 8th data protection principle is no longer there
    • Don’t panic, take stock, make your own mind up (self-assessment of adequacy)
    • We’re certainly not rushing to use our enforcement powers
    • We’ll consider complaints from affected individuals, whatever transfer mechanism you’re relying on, but we’ll be sticking to our published enforcement criteria

26 October 2015


  • Rhineland-Pfalz’s DPA asked 122 large organizations how they were implementing their US transfers; 53% answered satisfactorily, with the DPA remarking, without mentioning SCCs, that their privacy-protective positions regarding ‘no-cloud policies’ or preference of EU providers had paid off

21 October 2015


  • DSK Position Paper - Special meeting of the Conference of Data Protection Commissioners (DSK) (German DPAs) in Frankfurt
    • Transfers to the US based ‘exclusively’ on Safe Harbor are ‘inadmissible’
    • The admissibility of transfers to the US based on model clauses (standard contractual clauses) or binding corporate rules (BCR), is also questionable
    • For the time being, [German] data protection authorities will not issue any new permission for data transfers to the US based on binding corporate rules (BCR) or data export contracts.
      • Presumably “data export contracts” are ad hoc contracts not model clauses, which strictly under the DPD should not require authorisation
  • Numerous individual German DPA positions – not linked to here

16 Oct 2015


  • Statement on implementing Schrems
    • transfers to the US relying on Safe Harbour are invalid
    • ‘massive and indiscriminate surveillance’ was a ‘key element’ of the CJEU’s analysis
    • urgent ‘legal and technical’ solutions needed to enable transfers to ‘the territory’ of the US ‘that respect fundamental rights’
    • SCCs and BCRs still usable (although DPAs could still investigate complaints)
    • if, by the end of January 2016, no appropriate solution was found with the US, and depending on its assessment of transfer tools, EU DPAs were ‘committed to take all necessary and appropriate actions, which may include coordinated enforcement actions’.

6 Oct 2015

C-362/14 Maximillian Schrems v Data Protection Commissioner, ECLI:EU:C:2015:650, CJEU

  • Commission’s 2000 Safe Harbour Decision was invalid:
    • Art. 1 was invalid – it did not comply with Art. 25(6) DPD or the Charter as it did not find, duly stating reasons, that the US in fact ‘ensures’ an adequate level of protection by reason of its domestic law or its international commitments. No need to consider content of Safe Harbour principles.
    • Art. 3 was invalid – it constrained national DPAs’ powers ‘under restrictive conditions establishing a high threshold for intervention’, which the Commission had no legislative competence to do because DPAs must have ‘complete independence’ to review data subject claims under Art. 28 DPD and the Charter
    • As Art. 1 and Art. 3 were inseparable from the rest of the Decision, the entire Decision was invalid
  • No Commission adequacy decision may prevent national DPAs from examining individuals’ claims regarding the inadequate protection of their personal data transferred to a third country; but neither national courts nor DPAs can declare Commission decisions invalid, only the CJEU can do so
  • When considering the ‘adequacy’ of protection in a third country for the purposes of a Commission Art.25(6) decision, the test is whether the country’s legal regime provides ‘essentially equivalent’ protection
  • Although strictly the court’s decision rested on the Safe Harbor Decision being invalid for the reasons stated above, it also outlined requirements for EU legislation interfering with the Charter’s fundamental rights to private life and data protection to be valid (drawn on by WP29 in its April 2016 opinion)
  • Note: all other Commission adequacy decisions, eg on SCCs or ‘whitelisting’ certain countries for transfers, contain the same wording as the invalidated Art. 3 of the Safe Harbour Decision - so they are all also at risk of invalidation for that reason alone


10 April 2014





News breaks in June 2013 regarding NSA contractor Edward Snowden’s revelations, notably, from the Guardian:

(for a detailed timeline of stories see


Art. 31 Committee – a Committee of EU Member State representatives, under Art.31 DPD, that votes on Commission adequacy (or inadequacy) decisions proposed under Art. 25(6) or 25(4) DPD, and certain other decisions under the DPD (flowchart of Art. 31 Committee voting and decisions)
Charter – EU Charter of Fundamental Rights
CJEU – Court of Justice of the European Union
Commission – European Commission
DPA – EU national data protection authority
DPD – EU Data Protection Directive 95/46/EC
FTC – US Federal Trade Commission
ICO – UK Information Commissioner
Member State – EU Member State (see diagram on the differences between the EU, EEA, EFTA etc)
Model clauses – see SCCs
SCCs – standard contractual clauses, aka ‘model clauses’, for enabling transfers of personal data outside the EEA, under various Commission Decisions
WP29 – Article 29 Working Party, comprising EU data protection regulators, with an advisory function under Art.29 DPD.

Tuesday, 17 May 2016

Article 93(2) GDPR comitology - flowchart

Under the General Data Protection Regulation (Regulation (EU) 2016/679), the European Commission has the power to make decisions in certain areas by way of "implementing acts", subject to approval of the relevant act by a committee under Art. 93(2) of the GDPR - which will no doubt become known as the Article 93(2) Committee (or Article 93 Committee).

When considering proposals by the European Commission, this Committee must use the "examination procedure" under the EU "comitology" process, governed by Regulation (EU) No 182/2011 - the same procedure that the Article 31 Committee under the current Data Protection Directive must use.


Below is a flowchart I prepared showing the Article 93(2) procedure. Click on the small image below to download the full PDF flowchart (note: amended 2 June 2016 to expand on what "positive", "negative" and "no opinion" mean).

Article 93(2) GDPR

The areas where the Article 93(2) Committee procedure applies are as follows; some are quite significant so it's important to know how the procedure works.

International transfers

Most of these areas relate to "international transfers" of personal data to third countries outside the European Economic Area or to international organisations:

  • Making decisions on the adequacy of protection of a third country, territory or one or more specified sectors within a third country, or an international organisation – Art. 45(3) – or conversely on inadequacy, and repealing, amending or suspending previous adequacy decisions – Art. 45(5)
  • Adopting standard data protection clauses for allowing international transfers (the successor to the current model clauses or standard contractual clauses) – Art. 46(2)(c)
  • Approving standard data protection clauses adopted by national data protection supervisory authorities (SAs) for allowing international transfers - Art. 46(2)(d)
  • Specifying the format and procedures for the exchange of information between controllers, processors and SAs for binding corporate rules (BCRs) – Art. 47(3).

Other areas

The Art. 93(2) procedure also applies to certain other areas:

  • Laying down standard contractual clauses for controller/processor and processor/sub-processor contracts - Art. 28(7)
  • Giving EU-wide validity to an approved code of conduct, amendment or extension submitted to it (following its approval by an SA and the European Data Protection Board) - Art. 40(9)
  • Laying down technical standards for certification mechanisms and data protection seals and marks, and mechanisms to promote and recognise those certification mechanisms, seals and marks - Art. 43(9)

    (Note that the last two are relevant to international transfers also, in that transfers may be permitted to recipients who adhere to an approved code or obtain an approved certification, and who also make legally-binding commitments to apply the "appropriate safeguards" - Art. 46(2)(f).)
  • Specifying the format and procedures for mutual assistance between SAs and arrangements for the electronic exchange of information between SAs, and between SAs and the Board, in particular the standardised electronic format for SAs to supply information requested by other SAs – Art. 61(9)
  • Implementing acts of general scope to specify arrangements for exchange of information by electronic means between SAs and between SAs and the European Data Protection Board - Art. 67.

Article 31 Committee flowchart - Privacy Shield

The proposed EU-US Privacy Shield, intended to replace the Safe Harbour regime invalidated by the Court of Justice of the EU in Schrems, is currently being considered by a committee of representatives of EU Member States under Article 31 of the Data Protection Directive - known, of course, as the "Article 31 Committee".

When considering proposals by the European Commission, such as its draft adequacy decision to approve the Privacy Shield, this Committee must use the "examination procedure" under the EU "comitology" process, governed by Regulation (EU) No 182/2011.

Comitology is somewhat convoluted, so I've produced a flowchart explaining the different options, depending on what opinion the Article 31 Committee issues - expected to be in June 2016, but at this rate it may be later!

Explanatory paragraph added 13 June 2016: Note that the Data Protection Directive was amended from November 2003 by Regulation (EC) No 1882/2003. That changed the Article 31 Committee procedure from the one in the original Data Protection Directive, that gave the Council the final say, to the procedure set out in Decision 1999/468/EC. The 1999 Decision was itself amended a couple of times, and eventually replaced by Regulation (EU) No 182/2011. My flowchart reflects the Regulation 182/2011 procedure, which is now the applicable procedure for comitology under Article 31 of the Data Protection Directive.

There are other flowcharts on comitology, but mine just shows what's relevant to the Article 31 Committee and not other areas of law, and I believe it's clear but still informative.

Click on the small image below to download the full PDF flowchart (note: amended 2 June 2016 to expand on what "positive", "negative" and "no opinion" mean).

Monday, 7 September 2015

Search UK Information Tribunal decisions - full text

To search the full text of all UK Information Tribunal decisions using Google's very helpful site search facility, e.g. for data protection or freedom of information decisions, enter search term(s) in the box below, using quotes around a phrase, then click Submit or press Enter.

This is much more user-friendly than trying to use the Information Tribunal website's built-in search function, which doesn't allow full text searching and makes you select rather cumbersome filters.

Yes, you could also search them via Bailii, but I prefer using Google.

Monday, 12 January 2015

Data Protection Directive vs draft General Data Protection Regulation - infographics only

Here are comparative infographics on the progress of EU data protection legislation (Data Protection Directive versus draft General Data Protection Regulation). Click on a diagram to enlarge it. For comparative infographics on EU data protection legislative progress (DPD vs GDPR) together with a commentary, click here.

DPD vs GDPR - summary

DPD vs GDPR - rough scale (vital statistics)
DPD vs GDPR Parliament - number of amendments
DPD vs GDPR - Council drafts - number of footnotes
DPD vs GDPR - number of Member States
DPD vs GDPR - comparative timetables

Data Protection Directive vs draft Data Protection Regulation - infographics & commentary

The diagrams below compare the legislative progress and timing of the EU's 1995 Data Protection Directive (DPD) and the draft General Data Protection Regulation (GDPR). Click on a diagram for the larger version. For just the comparative infographics on EU data protection legislative progress, click here.

European Commission

The DPD was proposed by the European Commission in 1990, and adopted in 1995. The GDPR was proposed by the European Commission in Jan 2012, as part of a data protection reform package, to update the DPD.

The following diagram shows the number of Articles, Recitals and pages of legislative text (ie excluding explanatory commentary/notes, background material) in the 1990 DPD draft as compared with the 1995 DPD and the 2012 GDPR draft:

DPD vs GDPR - rough scale (vital statistics)

(Note: the 1995 DPD page count is not included as no "like for like" comparison is possible - the Official Journal PDF is 2-column and the font size, spacing etc are different.)

If you like, the vital statistics for the DPD (original 1990 proposal) and GDPR (2012 Commission proposal) are respectively:
  • DPD (1990 proposal): 33-24-27
  • GDPR (2012 proposal): 91-139-82

Before the GDPR can become law, it must be approved by both:
  • the European Parliament, ie elected MEPs, and
  • the Council of the EU aka Council of Ministers, ie EU national governments.
These EU institutions must agree on the same text, and a conciliation procedure may be invoked if necessary, inevitably involving negotiation and compromise. (For more info, see an outline of the EU's lawmaking procedures; key EU institutions; and main legislative info/documents on the GDPR).

In the European Parliament

The Parliament's lead committee appointed to scrutinise the GDPR was its Committee on Civil Liberties, Justice and Home Affairs (LIBE, rapporteur Jan Philipp Albrecht). LIBE's report to Parliament suggested numerous amendments to the Commission's text, taking account of input from several other Parliamentary committees including various amendments they proposed. Parliament adopted this unamended at its 1st reading of the GDPR on 12 Mar 2014.

The infographic below shows, for each of the DPD and GDPR, the number of amendments proposed by Parliamentary committees and the number of amendments actually approved by Parliament at its 1st reading.

DPD vs GDPR Parliament - number of amendments

In the Council

The Council of Ministers (comprising EU Member State national government ministers and the Commission) has, from the outset, been trying to agree its own position internally. Approval by the Council requires only a qualified majority vote rather than eg unanimity. Only after a draft text has been settled within the Council, can the task of agreeing a text with Parliament begin. It won't be easy: even now, there are many significant differences between the Parliament and latest Council versions.

Numerous Council documents have been released, many on specific parts only of the draft GDPR. As at Jan 2015, only three versions are available of the full consolidated draft GDPR text being discussed in Council - two officially published, the latest one leaked. The diagram below compares the number of footnotes in each consolidated draft version. The number of footnotes is used as a rough indication of the scale of Member State issues with the GDPR text, as most (though not all) footnotes contain reservations or similar statements by Member States or the Commission.
DPD vs GDPR - Council drafts - number of footnotes

Number of EU Member States

During the passage of the DPD, there were 12 EU Member States (becoming 15 on 1 Jan 1995, when Austria, Finland and Sweden joined).

When the GDPR was proposed by the Commission on 25 Jan 2012, there were 27 Member States (becoming 28 on 1 July 2013, when Croatia joined). So now there are nearly double the number of Member States that there were in the 1990s, to raise and agree issues in Council.

DPD vs GDPR - number of Member States


The figure below compares the timelines of the DPD and GDPR.

DPD vs GDPR - comparative timetables

Official statements have been made signalling the aim of agreeing the GDPR by the end of 2015 or even earlier, eg:
  • Vice-President for the Digital Single Market Commissioner Andrus Ansip: "During the first six months of the Commission’s mandate, I will support Commissioner designate Jourová and work with you and the Council to finalise the reform of data protection rules".
  • Commissioner for Justice, Consumers and Gender Equality Věra Jourová: "I see it as an important project of the whole Commission to ensure the swift adoption of the EU data protection reform… I strive for the adoption of the European data protection reform package within the first six months of the mandate".
  • Commissioner for Digital Economy and Society Günther Oettinger: "my legislative priority will be to support the Vice-President for the Digital Single Market and the Commissioner for Justice, Consumers and Gender Equality in finalising the negotiations on an ambitious Data Protection Regulation in 2015…".
  • In the Council, in early Dec 2014, "Progress was made by justice ministers on the EU data protection framework…" and the Council's President Andrea Orlando said "Today we have agreed on two of the most politically sensitive issues on data protection reform. We see this as an important result for the Presidency, and a decisive step towards achieving global agreement on this complex and important file"
  • The Commission recently stated "In 2015, as part of the Digital Single Market Strategy, the Commission will aim to conclude ongoing inter-institutional negotiations on proposals such as the common European data protection reform and the Regulation on a Connected Continent."
  • Calls were made by several national Parliamentary delegations for adoption "by 2015". Parliament's motivation to ensure the GDPR goes through may well be bolstered by the reincarnation of GDPR instigator Commissioner Reding as an MEP (Member of European Parliament) who, as Martin Hoskins irreverently puts it, may not want to pass up "the opportunity of being forever associated with a once-in-a-generation opportunity to reset data protection rules".
However, notwithstanding the political pressures, it's difficult to predict when, if ever, the GDPR will go through, particularly in light of:
  • the number of Member State issues within the Council, as suggested by the number of footnotes;
  • the far greater number of Member States there are now than in the 1990s; and, not least
  • the current vast differences between the texts propounded by Parliament and Council, which will have to be bridged somehow.
Certainly, Parliament's GDPR rapporteur J P Albrecht has doubted whether the GDPR could be agreed by the end of 2015.


    The figures from the diagrams above are consolidated below in a single infographic.

    DPD vs GDPR - summary
    There's a risk that the GDPR may end up being worse than the DPD for data subjects, and indeed also controllers and processors. See for example Chris Pounder's concerns regarding greater flexibility for Member States to make their own rules, particularly more national exemptions from data protection law requirements. I hope to blog my own specific concerns at a later date.

    We need better laws, better enforced by better-resourced regulators. And by "better laws" I mean sensible, realistic, understandable, clear, technology-neutral laws. It remains to be seen whether the GDPR will achieve that goal.



    Figures for the DPD are derived from:
    • the report of the lead committee for the DPD, the Committee on Legal Affairs and Citizens' Rights (JURI) PE 148.286/fin A3-0010/92 15 Jan 1992, rapporteur Geoffrey Hoon. This refers to PE 148.286/rev./Am.212-293, ie 293 amendments were proposed by that committee, and appends opinions of other committees showing their proposed amendments: ECON 39, ENER 9, ENVI 22
    • Parliament's resolution and amendments 11 Mar 1992 (OJ C 94/173, 13 Apr 1992).
    Figures for the GDPR are derived from:


    Figures for the DPD are derived from:
    • 9951/94 (12 Oct 1994);
    • 11099/94 (30 Nov 1994).
    Figures for the GDPR are derived from:
    Note: the Council of Ministers is not the same as the European Council.


    For a very readable book on how laws affecting the Internet should be made if they are to have any chance of being effective in practice, see Chris Reed's excellent "Making Laws for Cyberspace".

    Wednesday, 20 August 2014

    Google Glass review: photos & pics

    Here is the full version of my review of Google Glass for SCL (some photos are reduced to fit, scaled somewhat peculiarly due to my lack of time - just click on the photo for the full version).  Other photos (including a full photo taken using Glass) and screenshots showing Glass photos metadata are posted at

    Available in the US from 2013, Google Glass Explorer Edition arrived in the UK in late June 2014 - still in beta, so buyers are “Explorers”,[1] and Glass’s software is continually being updated (release notes and see this link). Glass won’t be available for consumers generally for some time yet.

    I tried a demo unit (linked to dummy Google account) in Google’s London showroom,[2] assisted by a “Glass Guide”. Offers to pawn[3] my immortal soul couldn’t garner me a loan. I didn’t get to wear it outside, so couldn’t experience others’ reactions to Glass.

    1.  What’s Glass?

    A £1000 (incl. VAT), Android 4.4 KitKat wearable computer inside a 43g “headband”, worn like glasses: 5MP panoramic camera (720p video), 12 GB usable storage, 670 mAh lithium-ion battery, accelerometer/gyroscope (not stated in the specs but there must be one given how it works), wi-fi and Bluetooth (official specifications, additional info). Processor and RAM are not mentioned in the official specs, but a public Google+ post stated that new units will have 2GB RAM.

    The titanium frame and nosepads are adjustable (press and hold). 5 colours are available (but no left-handed/eyed version) – see various photos.


    2.  Components[4]


    1. Bone conductor transducer (“speaker”) – press it to your skull to hear more clearly. I had trouble although the volume was maxed, so the supplied earbud is indispensable in noisy settings. (The CPU and battery are inside the arm bulge – can get hot!)
    2. On/off power button - inner side of headband. Press once to deactivate/sleep Glass, press and hold to power up/down.
    3. Touchpad – outer side of the headband’s right arm; a horizontal touchstrip rather than “pad”, stretching between components 2 and 4 in the diagram above.
    4. Camera (the “shutter” button’s on top) and microphone (black vertical strip, inner side).
    5. Display (monitor substitute[5]) - a small transparent cuboid on a hinged arm. Look up to the right to view the “screen”; Google analogises it to looking in a rear view mirror (at least for US drivers). Once adjusted properly via the hinge, it’s like viewing a 25” HD display from 8 feet away. Only a few lines of text are displayable.

    Micro-USB port - beneath 2(ish), for micro-USB cable or earbud:


    There are no hard volume control buttons – although you can change the volume in Settings, while listening to music, or during a phone call.

    Here’s another view:


    3.  Basics

    You can only buy one Glass per Google Account. If you need prescription lenses, you can get a special frame free with your Glass purchase, which Glass screws onto (see photo above). Or free shades instead, if you prefer.

    In the box: Glass, pouch, micro-USB to USB cable (for charging, or connection to computer to access photos/videos), mono earbud (+£60 for stereo ones), 2 pairs of spare nosepads.
    Warranty: 1 year.
    Battery life: meant to be a day; intensive use eg video recording obviously affects that. Charges overnight. Sleeps (screen fades etc) some seconds after you stop interacting with it, to save battery life; tap touchpad or tilt head up to wake it. You can't change the sleep time.
    Accessories (pay extra): eg shield, stereo earbuds, case, spare frame (scroll to the bottom of this page).
    MyGlass app (iPhone / Android): effectively required, as some functions aren’t possible without it. Accessing the MyGlass website through a computer works, but that’s obviously less portable. You can install MyGlass without having Glass, but you won’t get far!


    The automated setup process makes you accept Google’s Glass terms of use (additional to the terms of sale), links Glass to your Google account, sorts out wifi/Bluetooth pairing, lets you add your top 10 contacts, etc.

    4.  Buy?

    You need a Google account and credit card. Lasiked? Best check with your doctor first.
    1. Google’s King’s Cross Glass showroom (locked, with beefy security guard).[6] By appointment only. But if you wander by and press buzzer looking pleading and winsome, they might just let you in.


    2. (Better bet) buy online (also see this) - there are standard terms of sale.

    5. Play, not buy?

    1. Updated 23 Aug: Get a demo - you can now book one via (though it's not entirely clear if you can book an appointment just to try, rather than to buy)
    2. Buy, try, return within 30 calendar days for full refund (NB wipe it first!).

    6.  Controlling Glass

    On wakeup you’ll see the home screen (strictly, home “card”) showing the time and “OK Glass”.


    Voice commands: while viewing the home card, say “OK Glass” to call up menu (nod up/down to scroll vertically); say menu option name.


    Speak clearly and slowly, voice recognition isn’t perfect! When composing a message etc, it transcribes voice to text, but you can’t correct just the last word - you’ll have to start over.

    Touchpad: used for many functions, eg tap to activate/OK/wake from sleep. Recognises tap and swipe forward/back/down (not up). Down means back/"escape"/home. For many menus you need to keep swiping for the next option.

    Bluetooth keyboards may work, with tinkering (eg this link and this link). Google itself has patented a projected virtual keyboard. Someone’s produced a touchpad-controlled on-screen keyboard. People are working on remote controllers for Glass via Bluetooth (another example), maybe even full-size virtual keyboards (via bracelets).

    7.  Functions/features

    Glass is integrated with Google’s services, unsurprisingly. So, Google services will “push” emails/notifications etc on-screen. Functions include:
    • Search – say “OK Glass. Google [search term]”. (Interesting given Google’s trademarks battles to stop “Google” becoming a generic term for “search for Internet stuff”!)
    • Browsing - you can view websites found through searching, but not by spelling URLs.
    • Watch/listen to YouTube videos (again, search for them).
    • Make/take calls – works as a Bluetooth headset, if paired. Android/iPhone recommended.
    • Gmail – get notifications of newly-arrived emails to read, reply, star, archive, delete.
    • Send messages, photos etc – not just via Gmail but also Hangouts, SMS (Android only, not iOS). You need MyGlass to select email as a method. Talk, and text appears!
    • Google Calendar – see events for next 2 days, edit events, etc. I’m told events can be added too.
    • Google+ - view notifications, +1 or comment on posts, start or join video calls, share photos/videos with contacts/circles
    • Take photos “with some software improvements, like HDR” – 3 options (preview via a “viewfinder”):
      1. voice command
      2. “shutter” button
      3. (when that setting’s enabled) wink. Warning: blinking may result in inadvertent snaps…
      You can even take photos with mind control (by adding a biosensor EEG headset)! You can also snap “vignettes”: photos with the Glass display overlaid. There's no optical zoom but developers have created some apps enabling digital zoom. Filesize varies, could be 700KB->1MB.
    • Record video – stops after 10 seconds unless you continue it (no audio recording's available, unless someone writes an app).
    • Share photos etc – via Hangouts, Google+ etc; post videos direct to YouTube.
    • Navigation/directions – see 10.
    • Google Now – “in-the-moment information based on your Google Now Settings”, including Weather, Stocks, Sports, and Flights. Includes notification of Now reminders, supposedly even finding where you’ve parked your car. This function seems potentially the most useful, but there are obvious privacy implications – no room to discuss them here.
    • Translate foreign signs (Word Lens - amazing and currently free! Also on iPhone; Android Play Store).
    • Google Play Music – listen to your Play library music.
    • Screencast to Android tablet/phone – mirrors Glass display via Bluetooth.
    • Transfer photos/videos to computer – Glass behaves like a camera, when connected via cable. Only photos/videos are accessible in this way, but Google may change that if people would like access to other files. You can copy, rename, or delete photo and video files. However, renaming them will make them no longer available in the timeline (covered later). You can’t manage the files on Glass through your computer beyond that.
    • Backups – when Glass is charging and connected to wifi, an autobackup feature (enabled by default) will automatically sync photos/videos to a (supposedly private) folder or “album” on your Google+ account (without deleting them from Glass), and also autoupdate itself. I'm told that no other items are synced to Google+, currently. You can force initiation of backup manually. Stopping Glass autobackup from automatically copying your “private pictures” to Google+ seems much trickier[7] - a setting to disable autobackup would benefit privacy-conscious users. Another issue seems to be that deleting media from Glass, to free up space, deletes it from G+ as well (ie it syncs rather than backs up), which may defeat the object of backups. I'm told that:
      • An autobackup "clear" function removes items from Glass that are already backed up, but leaves backups intact.
      • Deleting photos via a timeline card – deletes from both Glass and online
      • Deleting from Glass via connected computer – deletes only from Glass.
    • Have it read emails etc aloud. It can also describe aloud what you touch, select etc.

    8.  Use

    A “card” fills the screen, eg home card, settings, calendar event notification, email/SMS notification, photo snapped, news event pop-up. (Experimental) “notification glance” opens the email etc on glancing up after receiving the notification. When notifications arrive, Glass also chimes.

    Texts and emails are copied to internal memory and the timeline. As stuff happens or you do things, cards get saved to a “timeline”. New cards “push” older cards to the right. Scroll through cards in the timeline by swiping back/forwards. Related cards can be grouped in a “bundle”, eg Settings, upcoming calendar events. Cards are removed from the timeline in 7 days/after 200 cards. Check the timeline to view any notifications arriving during sleep.

    9.  Apps (“Glassware”)

    Unlike Google Play/iTunes apps, the Glassware Gallery of (Google-tested/approved) third party apps, ie “web services that can send content to and from Glass”, is accessible only through Glass + MyGlass. Glassware (unofficial directory, about 60 so far) includes Shazam music recognition, Twitter, Evernote, Guardian and other news apps, etc. No apps yet for speech to text notes (although you could email or text yourself a note), or PDF/Ebook reading, and porn apps were banned! There’s help/info for developers, including a downloadable SDK (software development kit), and current development seems particularly focused on medical applications.

    10.  Limitations/issues

    Perfect vision or contacts is best. Myopic me couldn’t see anything without holding it over my regular glasses.

    But, it’s not designed to fit over specs. So you need a special frame (currently free if buying Glass, +£175 per extra frame, 4 styles available); then go buy prescription lenses, pay specialist opticians, pay again if your prescription changes.[8] Again there’s a range, including shades.


    MyGlass seems essential for some basic functions eg Gmail contacts, selecting how to send stuff (email, SMS etc – no SMS option with iOS). In my view Glass alone isn’t enough; ideally you need an iPhone or (better still) Android smartphone, to use Glass to its fullest with MyGlass.

    It’s uncomfortable (even painful) to keep looking up/right continuously. Google recommends trying it for 30 mins the first day, then building up. However it’s not meant for prolonged continuous use,[9] but for short “micro-interactions”, so as not to distract you too much while hot air ballooning (as you do). That’s why the display’s small, Google says.


    Even during my demo, a “Glass must cool down to run smoothly” message appeared; it downed tools, needing at least a minute’s rest before working again. I didn't time it, but my continuous use couldn't have been for more than 20-30 minutes when that message appeared, probably less. Can’t see how you’d video a full-length movie, despite cinemas’ fears!

    Environment - with ambient noise, eg someone speaking loudly at the other end of the room, it’s hard to hear without the mono earbud. In bright sunlight, the display may be hard to see.

    Navigation/getting directions requires a Bluetooth-paired GPS-enabled phone. Most other functions/apps need connectivity. For Glass to join secured wifi networks, use MyGlass on your linked phone or the Glass website on a computer. Otherwise, Glass can only join open wifi networks (as there’s no keyboard to enter passwords). But you can tether Glass to your phone via Bluetooth or wifi to use your mobile data plan, if your network allows it. A few apps don’t need connectivity, like Star Chart.

    You have to trawl through the timeline to find things. There’s no timeline search, no structured way to access saved data eg “all photos”, “all emails”, etc. There’s no file manager eg to delete photos in bulk, even via MyGlass, though you can “clear” all media stored on Glass in one go.

    11.  Security

    The screen’s transparent. People can see what you’re seeing - if they peer closely and can read reverse text. You’d notice! Similarly, they’d have to be uncomfortably close to hear anything, or to issue voice commands that would be recognised (voice recognition is not tied to the individual user).

    To secure Glass better and deter Glass-snatchers:
    • Set a screenlock code: a sequence of 4 steps, each comprising 1 of 10 different options: tap, swipe forward, swipe back, hook swipe forward, hook swipe back, each of which can be done with 1 or 2 fingers, giving 10,000 possible screen lock (or, strictly, unlock) patterns. Glass automatically locks after about 5 seconds’ inactivity, or on touching the power button, and if you've set a lock code then you'll have to enter the correct pattern to unlock it on waking it after sleep.[10]
    • Set “On head detection”, so that Glass automatically deactivates on removal, whether by you or a would-be Glass thief (and it wakes on putting it on).
    After 10 failed attempts to enter the correct pattern, Glass locks itself out for a short period of time, during which you can’t attempt any pattern. Each successive failure locks it out for a longer period. After 15 attempts, you’re locked out permanently. When locked out, you can go to the MyGlass site or app and unlock it from there – it’ll generate a barcode that Glass will scan to unlock.
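The lock-pattern arithmetic and lockout rules described above, modelled as an added example (not Google's code or part of the original review). The 30-second base lockout and its doubling are assumptions, since the review gives no durations, and the 15th failure is taken as the one that triggers permanent lockout.

```python
from fractions import Fraction
from itertools import product

# From the review: 5 gestures, each with 1 or 2 fingers, 4 steps per pattern.
GESTURES = ("tap", "swipe forward", "swipe back",
            "hook swipe forward", "hook swipe back")
FINGERS = (1, 2)
STEPS = 4
TEMP_LOCKOUT_AFTER = 10       # from the review
PERMANENT_LOCKOUT_AFTER = 15  # from the review
BASE_LOCKOUT_SECONDS = 30     # assumption: the review gives no durations


def step_options():
    """The 10 (gesture, fingers) choices available at each step."""
    return [(g, f) for g in GESTURES for f in FINGERS]


def keyspace():
    """Number of distinct 4-step patterns: 10 ** 4."""
    return len(step_options()) ** STEPS


def guess_success_bound():
    """Best-case chance of guessing a uniformly chosen pattern
    before the permanent lockout ends all further attempts."""
    return Fraction(PERMANENT_LOCKOUT_AFTER, keyspace())


class LockScreen:
    """Model of the lockout policy the review describes."""

    def __init__(self, secret):
        self.secret = tuple(secret)
        self.failures = 0
        self.locked_until = 0.0
        self.permanent = False

    def attempt(self, pattern, now):
        """Return 'unlocked', 'wrong', 'wait' or 'permanent'."""
        if self.permanent:
            return "permanent"
        if now < self.locked_until:
            return "wait"  # no pattern is evaluated during a lockout
        if tuple(pattern) == self.secret:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= PERMANENT_LOCKOUT_AFTER:
            self.permanent = True
            return "permanent"
        if self.failures >= TEMP_LOCKOUT_AFTER:
            # Assumed escalation: the lockout doubles with each further failure.
            extra = self.failures - TEMP_LOCKOUT_AFTER
            self.locked_until = now + BASE_LOCKOUT_SECONDS * 2 ** extra
        return "wrong"


def simulate_guessing(secret):
    """Try patterns in enumeration order, waiting out each timed lockout.
    Returns (outcome, guesses_used, seconds_spent_locked_out)."""
    lock = LockScreen(secret)
    now = waited = 0.0
    guesses = 0
    for candidate in product(step_options(), repeat=STEPS):
        if now < lock.locked_until:
            waited += lock.locked_until - now
            now = lock.locked_until
        guesses += 1
        result = lock.attempt(candidate, now)
        if result in ("unlocked", "permanent"):
            return result, guesses, waited
    return "exhausted", guesses, waited


if __name__ == "__main__":
    print("patterns:", keyspace())
    print("guess bound:", float(guess_success_bound()))
    # Constructed sample secret: the last pattern in enumeration order.
    print(simulate_guessing([("hook swipe back", 2)] * STEPS))
```

With a uniformly chosen pattern the attempt cap limits a guesser to 15 tries out of 10,000. That bound covers only the lock screen, not the photos/videos the review notes remain readable over USB.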

    However, be warned that photos/videos stored on Glass are easily accessible just by connecting it to a computer, even if you've set a screen lock code. Also, texts and emails etc are stored in internal memory. If someone stole your Glass, I don't know how easy it would be to retrieve your emails etc too. If Glass offered full disk encryption (FDE) and you enabled it, that would scupper snoops or at least make their life much harder.

    Google wouldn't tell me if Glass has FDE or not, but given the accessibility of photos/videos through USB, I imagine not. As Android tablets/phones offer FDE (albeit crackable), I hope Google will start supporting this for Glass.

    The good news is that apparently people using Glass in sensitive settings (financial, government etc) can program Glass to their requirements. Eg Google said developers could change the voice command from “OK Glass”.

    Google may deactivate your device if you tell them it’s lost/stolen, but that doesn’t delete data. However, Google says you can erase your device remotely via MyGlass or the Glass website, which wipes the device as soon as it connects to a network thereafter. A factory reset is possible through the Settings also. I don't know how thorough the wipe is - Google didn't tell me if that zeros all (or indeed any) data, how many passes are used etc, and how easily retrievable data may be after the erasure. But reportedly a reset doesn't fully wipe some other Android tablets or smartphones (Avast report including link to free app to overwrite files), and no overwriting app for Glass appears to be available yet.

    12.  (Other people’s) privacy

    People can see when the screen’s active (lit up) even from a distance. Though you could just be viewing a notification. They can’t tell if you’re taking a photo or recording a video unless you press the shutter button or wink. But any extra "mind control" headset's pretty obvious, and extending a video recording beyond 10 seconds requires tapping (though again you might be tapping to do something else). Glass can even be used to read other people’s phone/tablet passwords!

    As for Glass users’ privacy (eg metadata saved with photos) and developer issues, that’s for another article (for space reasons), but I'll say for now that I was told no GPS location metadata is automatically saved with photos – though date/time data are saved (see details of the types of metadata automatically recorded with Glass photos).

    13.  Other questions

    Would you feel comfortable driving wearing them? Once used to it, and if it was in overglasses form (see below), I’d feel comfortable driving with it on, though I’d probably keep it in sleep unless I needed nav help. I’m not sure if you can disable everything except nav to minimise distraction (especially notifications), but that feature would be useful. For navigation while driving I’d prefer the screen to be top left or at the bottom, where checking it occasionally feels more natural than top right. Top right might be fine for Americans or others where the driver's seat is on the left; less so for UK drivers. Google's terms of use have a disclaimer regarding using nav while driving; if I acted for Google I'd extend that to using Glass generally (not just nav) while driving, as notifications may be as distracting.

    Does it make you feel constantly connected, or just connected whenever you wish to be? Is it intrusive / disruptive to your life having them always there, or is it just convenient? As it goes to sleep quite quickly, it’s only connected intermittently. Subject to the overglasses point below,[11] they wouldn’t feel intrusive or disruptive to me. Eg if notifications would be disturbing during a meeting, just put it to sleep until you’re ready to receive them. Whether others might find it intrusive is a different matter! Anecdotally I’ve heard of someone removing them and putting them round his neck, clearly inactive, before entering the men’s room. That might be part of evolving etiquette.

    What unstructured data would you want it to structure? I didn’t quite follow this question. It’s meant for use on the go, receiving useful info like email notifications, or taking photos/videos hands-free – it’s not designed for structuring data (and see my file management/search points).
    Other questions – (including by private message) were mainly on data/content and rights, which for space reasons I’ll cover in a separate future article.

    14.  If only…

    No frame’s available that’s designed to fit over one’s regular glasses. A Googler suggested that perhaps overglasses were thought unfashionable. True, some overglasses are functional, but others can be quite blingy. And some people can’t or don’t want to wear contacts or buy another frame just to use Glass.[12] I think more people would buy Glass, who wouldn’t otherwise, if an overglasses version were made available, at least for the general consumer release.

    Personally, what I crave is a sub-500g laptop replacement for working on the move.[13] To me, Glass’s key innovation is that it obviates the need for a large (and heavy) physical screen, producing similar results for users through projection. I hope that eventually, as batteries become lighter, Google will release an overglasses model with:
    • much bigger screen (as seen by users) – particularly for those of us with ageing eyes
    • different design, hinged so that the screen can be moved into the middle of the user’s vision (much easier viewing than up/right) when desired, and moved back to the side when not.[14] That would enable users to read War & Peace comfortably on Glass – some would want to!
    • support for fast input via a full-size (but light) keyboard – whether portable Bluetooth or virtual keyboard using (not heavy) bracelets/rings
    • apps for reading and annotating PDFs, ebooks and other documents – and ideally writing/editing them too, eg Office for Glass? (in combination with full keyboard support, of course)
    • much longer battery life, and a processor/apps suited to extended continuous use, and
    • full disk encryption enabled by default, at least when you set a lock pattern.
    Easier searching and file management would also be good, perhaps via another “remote control” device such as smartphone or computer (but with adequate security).

    The above represents my own wishlist, but there are other use cases. A friend who’s a keen bird ringer would love to have a voice-activated, voice-output, wearable computer with the BTO app, so that while your hands are occupied handling a bird you could say “Fieldfare” and the computer would say and display “Fieldfare: Full grown ring C, Pulli ring C”, giving you the info hands-free - and ideally you should be able to scroll via voice alone too.

    In terms of possible "legal" uses for Glass, Neil Brown has suggested a few:
    • Simultaneous translation of foreign language documents: as you are looking at a document, Google Glass converts the particular paragraph to your preferred language — perhaps enough for getting a gist of something, if tuned with a legal dictionary.
      • But this isn't possible yet – Word Lens is excellent, however it only works on quite large text, ie on signs. Hopefully in future the camera and app will both improve enough to make this possible.
    • As you read through a document, it captures the text, OCRs it, and turns it into a file for you to edit — perhaps even "dictating" notes as you read, which are then appended to that digital file for subsequent incorporation.
      • Again, if only! This expands in more detail on my own document reading/annotation wishlist item. OCR seems dependent on camera quality and app availability, especially as they would have to cater for any unsteady hands holding a document, and as previously mentioned an audio note transcription app isn't yet available (which would need more fine-grained error correction than "start all over again" if one word is transcribed wrongly).
    • Advocates in court, so that others can "pass notes" to them without having to shove pieces of paper around.
      • Yes, this is possible by sending an email or text to the advocate. It would be great if you could quickly put Glass into "restricted mode" in court, a kind of filter that lets through only important messages from (pre-defined, editable) contacts or groups of contacts, to prevent too many distractions in court or indeed meetings – then disable restricted mode again when you're out. It would be interesting to see if courts ban Glass, even for open sessions.
    • A presenter's notes available to them on a per-slide basis, just a quick glance away; no more need for shuffling papers in the hand, or looking down to a screen on the floor, tying you to one place on the stage. Or even just the "next build" for the current slide — moving the presenter view right into the presenter's view.
      • Again, not possible yet, see my wishlist item on "Office for Glass" – but hopefully one day!

    15.  More info

    16.  Verdict

    As Google makes very clear, Glass is still in beta. Developers with an eye to the future of computing will certainly want, indeed need, one. As for everyone else, those earning below partner/professor/“head of” levels might understandably balk at paying £1000 for a beta product, unless of a pioneering bent or won over by the cool factor.

    Personally, I’d happily buy one even at that price – but only if and when my wishlist features are incorporated, because a laptop replacement is my own ideal use case for Glass, and yes I’d don bracelets and not care how it looked! Until then, I’d consider Glass should the price be significantly reduced, but it’s probably of most benefit to Now and Plus users, and I’m not big on either.[15] So, for the features Glass currently offers, my smartphone is good enough for me, for now.

    Info in this review was gleaned from quizzing Google staff at the demo, at Glass's London developers’ launch or from Google’s website. Some graphics are from Google’s site, used with Google's kind permission. Many thanks to the Googlers for their patient answers, which were of course to support the demo and are in no way official Google statements! This review is written in my personal capacity only.

    © W Kuan Hon, 2014. This review may be copied/redistributed under a Creative Commons CC-BY-NC 2.0 UK licence, attributing Kuan and linking to this review ie

    [1] Sometimes, somewhat unfortunately, known as “Glassholes”. So much so that Google released an etiquette guide of dos and don’ts for Explorers… including don’t “be creepy or rude”!
    [2] Which Google calls Basecamp, but I’m tempted to call a Glass House.
    [3] Not “surrender forever”. Not daft, me.
    [4] Some patent diagrams have been posted.
    [5] Helpful graphic on the science
    [6] Google asked me not to disclose the address, so no amount of coercion or bribery will get me to reveal it, no sirree. Not even chocolate. Updated 23 August: Google have since revealed the location publicly so I'll add it - it's 10 Stable Street, London N1C 4AB
    [7] Including reports that disabling Google+ from Glassware didn’t work, and that Glass uploaded a private album from a paired iPhone! It seems the best if long-winded solution is to disconnect Glass from your phone and wifi, snap your “private pictures”, transfer them to a computer via the USB cable, delete them from Glass, then re-enable Glass connectivity…
    [8] Could prove very expensive if you need more than one pair like me, but hopefully few people have eyesight as bad as mine. Disposable contacts aren’t available in a high enough prescription for my tiny bulgy eyes.
    [9] “Glass is designed for micro-interactions, not for staring into the screen, watching Friday night movie marathons or reading "War and Peace."”
    [10] The previous link says that Glass locks only on turning Glass off – but fully powering down isn't the same as just putting it to sleep, strictly. However, Google assured me that after pressing the power button once to deactivate it also locks it.
    [11] Glass wouldn’t stay in place without my holding it over my specs. I can’t see without prescription lenses, and multiple prescription frames would be too expensive for me!
    [12] Personally I’d have to buy another 2 frames just to use Glass. Were an overglasses version available, one unit would be all I’d need.
    [13] Yes, I meant sub-500g. Sub-1 kg is still too heavy if you’re short, feeble, unfit – and/or have back problems. Teenagers, kids and some women would relish full computers weighing under 500g; even some men have bad backs.
    [14] And even further in the future, get the screen to move into the centre automatically with a voice command, and out again with another!
    [15] Now for privacy reasons - I’m still unclear exactly which parts of Google’s privacy policy apply to Now. I want to know details of what info it collects, who gets it, and exactly what they do with it, not vague/general purposes, so I don’t use Now on my Android tablet.
    Plus, ditto – Google recently backpedalled on its initial insistence on real names, but did so too late for me. If it had allowed pseudonyms from the outset I would have tried it and maybe even moved on to using it with my real name, but currently I don’t have the time/energy/braincells to make the effort.