David Erdos
LightNews LightNews
banner
daviderdos.bsky.social
David Erdos
@daviderdos.bsky.social
260 followers 380 following 57 posts

Trinity Hall Fellow, Professor of Law & Open Society & CIPIL Co-Director Cambridge University. Interested in #dataprotection #GDPR information law, legal history & public and private international law. Viewpoints personal & RT≠endorsement .. more

Videos
Political science 54%
Law 28%
Posts Replies Media Videos

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · 2d
In contrast to its heavy reliance on C-252/21 Bundeskartellamt (2023) when pushing "pay or consent", @iconews has not made any mention of Land Hessen or the line of cases law emphasising the mandatory duty of "strong enforcement" under #GDPR which proceeded it.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · 2d
(ii) “the processing of personal data by the controller thereof in compliance with that regulation is ensured”, and (iii) “such non-exercise on the part of the supervisory authority is not liable to undermine the requirement of strong enforcement of the rules”.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · 2d
C-768/21 Land Hessen (2024) found “exercise of a corrective power” should always follow infringement except on a truly exceptional basis and even then only (i) “provided that the situation in in which the GDPR was infringed has already been made good” ...

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · 2d
Such an "advise and persuade" approach has been widely criticised within the regulatory literature and lacks empirical support. Treating use of formal corrective powers as an exceptional act is also strongly contrary to the guarantees set down in the #GDPR.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · 2d
Following many egregious Government #dataprotection breaches over the past few years it's v disappointing to see ICO-Government MoU doubles-down on the ICO's flawed "public sector approach" which "priortises enagement" rather than corrective powers use: ico.org.uk/media2/m15nb...

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Dec 11
Neglect of unique #Commonwealth collection never ceases to amaze! The old CW Institute was told not to give items to ailing Museum but did www.theguardian.com/uk/2002/nov/..., +140 Museum items were then illegally sold bbc.co.uk/news/uk-engl... before closure & now... www.bbc.co.uk/news/article...
Hundreds of items taken in high-value Bristol Museum archive raid
More than 600 artefacts from the museum's British Empire and Commonwealth collection are taken.
www.bbc.co.uk

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Nov 24
With no investigation even of Afghan #databreach despite grave risk to c100K & just 2 UK #GDPR fines in 24/25, I'm proud to join 70+ orgs & experts call on Commons Sci & Tech Committee, which oversees the ICO, to investigate #dataprotection enforcement probs www.openrightsgroup.org/press-releas...
70+ organisations and experts demand action over failing ICO
Over 70 civil society organisations, academics and data protection experts have urged the Chair of the Select Committee for Science Information and Technology to open an inquiry into the collapse in e...
www.openrightsgroup.org

Reposted by David Erdos

openrightsgroup.org
Open Rights Group @openrightsgroup.org · Nov 24
The final straw – the Information Commissioner's Office has decided NOT to investigate the Afghan data leak. It's time to investigate them!

Over 70 organisations and experts back ORG's call for an inquiry into the regulator's chronic failure to enforce data law.

www.theguardian.com/technology/2...
Civil liberties groups call for inquiry into UK data protection watchdog
Campaigners including Good Law Project describe ICO ‘collapse in enforcement activity’ after Afghan data breach
www.theguardian.com

Reposted by David Erdos

goodlawproject.bsky.social
Good Law Project @goodlawproject.bsky.social · Nov 24
What’s happened to the ICO’s enforcement regime?

We’ve signed @openrightsgroup.org’s letter calling for an inquiry after the data regulator declined to formally investigate the MoD over the Afghan data breach.
https://bit.ly/48gc9ZZ
Civil liberties groups call for inquiry into UK data protection watchdog
Campaigners including Good Law Project describe ICO ‘collapse in enforcement activity’ after Afghan data breach
www.theguardian.com

Reposted by Joanna Bryson, David Erdos

lukaszolejnik.bsky.social
Lukasz Olejnik @lukaszolejnik.bsky.social · Nov 20
A teddy bear equipped with AI was meant to be a child’s chat companion, but it eagerly jumped into topics like BDSM and “where to find knives.” The manufacturer stopped sales and cut off access. AI toys need strict filters, testing, and oversight or ot ends in a plush sewer. #AIact #GDPR

Reposted by Graham Greenleaf, David Erdos

chrismarsden.bsky.social
Chris Marsden @chrismarsden.bsky.social · Nov 16
"Munich regional court sided in favour of Germany’s music rights society GEMA, which said ChatGPT had harvested protected lyrics by popular artists to “learn” from them" Paying for the lack of respect and permission
www.theguardian.com/technology/2...
ChatGPT violated copyright law by ‘learning’ from song lyrics, German court rules
OpenAI ordered to pay undisclosed damages for training its language models on artists’ work without permission
www.theguardian.com

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Nov 15
Good to give input on @AJEnglish piece on barriers to #Trump action against #BBC. US #defamation law shields speech about public officials unless can show publisher knew was false or showed a reckless disregard for this. BBC is clear was unintentional. x.com/AJEnglish/st...
Al Jazeera English on X: "Would Trump’s $1bn lawsuit against the BBC hold up in court? https://t.co/QczYzdg6L9 https://t.co/sPOoIiduda" / X
Would Trump’s $1bn lawsuit against the BBC hold up in court? https://t.co/QczYzdg6L9 https://t.co/sPOoIiduda
x.com

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Nov 14
The PAC's findings raise further Qs about about the lack of ICO investigation or any formal regulatory action (even a mere reprimand) in response to this egregious #databreach which clearly arose from a long period of #dataprotection practices in grave violation of UK #GDPR.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Nov 14
The Committee is also clear that even now the MoD "has not done enough to stop future similar incident": committees.parliament.uk/committee/12... The cost of these errors, even only financially, dwarfs any impact which early and dissuasive use of penalties by ICO would have entailed.
Afghan data breach: MoD has not done enough to stop future similar incident, PAC warns - Committees - UK Parliament
The Public Accounts Committee (PAC) is not confident that the MoD has done enough to reduce the risk of future incidents like the 2022 Afghan data breach.
committees.parliament.uk

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Nov 14
Alongside grave individual impact, Public Accounts Committee finds that Afghan #spreadsheet #databreach will likely cost c£850m & arose within a context where the MoD "did not do enough to learn the lessons from previous data breaches" reported to ICO committees.parliament.uk/committee/12...

Reposted by David Erdos

montezumachavez.bsky.social
Luis Alberto Montezuma 路易斯·阿尔贝托·蒙特祖玛 @montezumachavez.bsky.social · Nov 7
The Commission will introduce the Digital Omnibus on November 19, simplifying of the implementation of AI Act.

Here's the text shared by netzpolitik.org:
lnkd.in/dCTW36pS.

Reposted by Jonathan Portes, Anand Menon, David Erdos

mwgehring.bsky.social
Markus W. Gehring @mwgehring.bsky.social · Nov 3
Fantastic lecture by @ukandeu.bsky.social Prof @anandmenon.bsky.social for the annual @eulegalstudies.bsky.social Mackenzie Stuart Lecture @cambridgelaw.bsky.social, chaired by Prof @cbarnard.bsky.social reflecting on the 2015 general election and inequality in the run up to the Brexit.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 31
Disappointing to see that the UK ICO has declined to submit any evidence to the Commons Defence Committee Inquiry into the circumstances behind, and consequences of, the #Afghan #spreadsheet #databreach, the most serious ever in UK public sector history: committees.parliament.uk/work/9327/af...
Afghan Data Breach and Resettlement Schemes - Committees - UK Parliament
This inquiry will examine the circumstances behind and the consequences of a major data breach in February 2022 from the Ministry of Defence. The breach involved the personal data of thousands of Afghan applicants for resettlement to the UK and their families, potentially putting these people at risk of reprisals. The inquiry aims to understand how this breach could have been allowed to happen, and, once it had happened, whether successive Governments took well-informed and sensible decisions under cover of an unprecedented super-injunction. The inquiry will also examine the Government’s wider arrangements for the resettlement of eligible Afghans in the UK. While lived experience can inform the Committee's work, please be aware that the Committee does not consider or assist with individual cases.
committees.parliament.uk

Reposted by David Erdos

paulfscott.bsky.social
Paul F Scott @paulfscott.bsky.social · Oct 30
committees.parliament.uk/committee/24...

Reposted by David Erdos

mfroomkin.bsky.social
Michael Froomkin @mfroomkin.bsky.social · Oct 30
1984: We're behind schedule.

Couple sues because NYPD aims cameras into their bedroom and living room, perhaps due to their history of activism.

I hope they win but the precedents are mixed.
www.law360.com/cybersecurit...
NYC Sued Over 'Voyeuristic' Police Surveillance System - Law360
A Brooklyn couple has filed a federal lawsuit alleging New York City uses a "voyeuristic" police surveillance system on all visitors and residents, which includes two police cameras that are aimed at ...
www.law360.com

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 30
Beyond #Afghan #databreach, the UK ICO faces increased scrutiny due to need to renew #dataprotection #adequacy. The European DP Board is urging much greater scrutiny of the robustness of its complaints handling & effectiveness of UK #GDPR sanctions and remedies: www.edpb.europa.eu/system/files...

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 29
The ICO claim #UKGDPR complaints are arising "as people become more aware of their #dataprotection rights" & now propose to refuse investigation of many of these. In fact, complaints have been stable since #GDPR & but with ↓↓ regulatory action by ICO have ↑ since 2023: inforrm.org/2025/10/28/c...

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 28
The approach would inevitably lead to many noncompliant controllers, especially SMEs, not being subject to any form of @iconews investigation which would exacerbate the lack of respect for legal rights and duties which data subjects now experience. The plans should be opposed.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 28
ICO now propose to reject investigation of many complaints unless there is a considerable number or increase concerning the same controller. With no investigation, the ICO would be unable to discharge its obligation to inform the complainant of the investigation outcome.

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 28
In reality, almost no complaints are being progressed within maximum period, it is far from clear that these are subject to appropriate investigation & ICO makes almost no use of its formal corrective powers (there were just 2 #dataprotection fines in 2024-25). Complaints have 📈

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 28
Under law ⚖️ ICO must investigate all #dataprotection complaints to the extent appropriate, respond consistently with need for strong enforcement and inform the data subject of the outcome of both the investigation and the complaint (providing a progress update within 3 months).

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 28
The UK Information Commissioner's Office is currently consulting (until this Friday) on its plans to change its response to #dataprotection including UK #GDPR complaints. Please do respond via ico.org.uk/about-the-ic...
ICO consultation on draft changes to how we handle data protection complaints
ico.org.uk

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 28
New blog on UK Information Commissioner's plan to reject investigation ‍of many #DataProtection complaints, an💡inconsistent with its obligation to inform all complainants of an investigation outcome & liable to fuel further disregard for the UK #GDPR especially among SMEs: inforrm.org/2025/10/28/c...
Cause for Complaint: Assessing the ICO’s Proposed New Approach to Data Protection Complaints – David Erdos
The Information Commissioner’s Office (ICO)’s data protection complaint handling performance is currently in very clear crisis.  Despite its pledge to assess and respond to 80% of such complaints w…
inforrm.org

Reposted by David Erdos

lilianedwards.bsky.social
Lilian Edwards @lilianedwards.bsky.social · Oct 27
Happy to announce that I'm giving a CIPIL seminar in Cambridge on Nov 20th, "Faithful or Traitor? The Right of Explanation in a Generative AI World", and it's attendance on zoom as well as in person but registration needed : see www.cipil.law.cam.ac.uk/press/events...
CIPIL Evening Seminar: 'Faithful or Traitor? The Right of Explanation
Speaker: Professor Lilian Edwards, Prof of Law, Innovation & Society, Newcastle Law School Biography: Lilian Edwards is a leading academic in the field of Internet law.
www.cipil.law.cam.ac.uk

daviderdos.bsky.social
David Erdos @daviderdos.bsky.social · Oct 27
Great to see open-access volume on #dataprotection and #humanitarian action now out marking decade of @icrc.org & @unhcr.org frameworks🎉https://lnkd.in/eTTyttpw My chapter is on 1990 UN Guidelines role in promoting regulation alongside autonomy & derogations for humanitarian IOs.