@timcochranenz.bsky.social
I'm finishing up my PhD focussing on law enforcement cross-border data sharing and privacy. I'm interested in all things law (and more).
We are delighted to share Conor Gearty @lselaw.bsky.socialβs reflections on writing: 8 tips for surviving (and enjoying!) academic writing.
Many thanks to Conor for sharing his insights!
Article: doi.org/10.53386/nil...
Series: doi.org/10.53386/nil...
π§Ά = ππ§΅ππ¦ΉββοΈβοΈ
15.09.2025 16:19 β π 2 π 1 π¬ 1 π 0Really happy to share my new article "Investigative Jurisdiction: The Evolving Limits of Extraterritoriality in Transnational Digital Investigations" now published online with the International & Comparative Law Quarterly. It's open access and free to read here: doi.org/10.1017/S002...
15.09.2025 10:27 β π 7 π 5 π¬ 1 π 0
On July 9, the European Court of Human Rights found that Russia was responsible for human rights violations in its invasion and war in Ukraine. Deborah Housen-Couriel and @asaflubin.bsky.social explain the impact of the court's treatment of digital rights protections in the age of digital conflict.
18.08.2025 17:15 β π 74 π 26 π¬ 1 π 2![Extract of judgment available at link, showing paragraph 43. This states:
"As to (3), although the data leak was accidental, on the materials before us it is strongly arguable that it also involved a breach of the law. That is because the data comprised personal data within the meaning of sections 3(2), (3) and 14(c) of the Data Protection Act 2018, and article 4(1) of the UK General Data Protection Regulation. The first defendant is the data controller (within the meaning of the Act and Regulation) because he holds the authority to determine the purposes and means of processing the personal data. [Individual 1] was a data processor (within the meaning of the Act and Regulation) because [they were] provided with the dataset and [they] used it and disseminated it. There was an obligation on the first defendant, [Individual 1], and all MoD officials to ensure that appropriate protection was in place (including by means of appropriate technical or organisational measures) against unauthorised or unlawful processing of the dataset, and against accidental loss: article 5(1)(f) of the Regulation (and see also articles 24(1), 25 and 32). It required no hindsight to appreciate that unauthorised disclosure of the dataset might give rise to a risk to life. It should never have been provided to, or disclosed by, [Individual 1], in unencrypted form. The provision of the dataset to, and its disclosure by, [Individual 1], involved a clear breach of article 5(1)(f) (and also article 24(1), 25 and 32) of the Regulation."](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:uhcfswrx5y7yvb6otoymp3jj/bafkreiaj4ubqbmlduf6nbiaqyelwkfc2hslibamnyn3xqzgi7aqhy7uwvm@jpeg)
Extract of judgment available at link, showing paragraph 43. This states: "As to (3), although the data leak was accidental, on the materials before us it is strongly arguable that it also involved a breach of the law. That is because the data comprised personal data within the meaning of sections 3(2), (3) and 14(c) of the Data Protection Act 2018, and article 4(1) of the UK General Data Protection Regulation. The first defendant is the data controller (within the meaning of the Act and Regulation) because he holds the authority to determine the purposes and means of processing the personal data. [Individual 1] was a data processor (within the meaning of the Act and Regulation) because [they were] provided with the dataset and [they] used it and disseminated it. There was an obligation on the first defendant, [Individual 1], and all MoD officials to ensure that appropriate protection was in place (including by means of appropriate technical or organisational measures) against unauthorised or unlawful processing of the dataset, and against accidental loss: article 5(1)(f) of the Regulation (and see also articles 24(1), 25 and 32). It required no hindsight to appreciate that unauthorised disclosure of the dataset might give rise to a risk to life. It should never have been provided to, or disclosed by, [Individual 1], in unencrypted form. The provision of the dataset to, and its disclosure by, [Individual 1], involved a clear breach of article 5(1)(f) (and also article 24(1), 25 and 32) of the Regulation."
Interesting to see the "seriously arguable" UK #dataprotection law breaches arising from UK military Afghan data leak set out in this judgment published today:
www.judiciary.uk/judgments/cx...
(This is my first π¦ post, so π all!)
