Conformance testing of EPON devices

In June of 2004, the IEEE Standards Association approved IEEE 802.3ah-2004, which defined Ethernet for subscriber access networks, or Ethernet in the First Mile (EFM). Part of this standard contained a new type of Ethernet technology, that of Ethernet Passive Optical Networks (EPON). EPON devices have introduced new and challenging requirements for both conformance and interoperability testing. This thesis lays the foundation, to be used by the University of New Hampshire InterOperability Laboratory (UNH-IOL), for comprehensive conformance testing of EPON devices. A series of recommendations are put forth that allow for the creation and implementation of EPON test suites and test tools that can be used to help verify the compliance and interoperability of EPON devices. The focus of this document is on the conformance testing of EPON devices within the MAC Control sublayer, reconciliation sublayer, and physical medium dependent sublayer. These three sublayers, defined in three individual clauses within the IEEE 802.3 standard, represent the bulk of requirements necessary to build a conformant EPON device, and therefore the need and demand for testing of these layers has never been greater

Looking through a legal PRISM at UK and US intelligence agency surveillance

The uncovering of the PRISM programme has concerned many that the UK authorities are circumventing the legal framework and gathering data on its own citizens via US surveillance agencies. Orla Lynskey describes the statutory controls that exist regarding data sharing with the US and explores whether they are adequate to protect UK citizens’ privacy. She concludes that there are little safeguards and redress opportunities for non-US persons, and that EU Data Protection regulation is, at present, toothless once international data transfers have been made. On the bright side, the revelation has brought the issue of government surveillance to the fore

The ICO Consults on the Future of Information Rights Regulation

The Information Commissioner’s Office (ICO) is asking for input on the future regulation of information rights in the UK. LSE’s Orla Lynskey looks at the draft document put out for consultation and points out what in particular merits notice and response

The 'Europeanisation' of data protection law

EU data protection law has, to date, been monitored and enforced in a decentralised way by independent supervisory authorities in each Member State. While the independence of these supervisory authorities is an essential element of EU data protection law, this decentralised governance structure has led to competing claims from supervisory authorities regarding the national law applicable to a data processing operation and the national authority responsible for enforcing the data protection rules. These competing claims, evident in investigations conducted into the data protection compliance of Google and Facebook, jeopardise the objectives of the EU data protection regime. The new General Data Protection Regulation will revolutionise data protection governance by providing for a centralised decision-making body, the European Data Protection Board. While this agency will ensure the ‘Europeanisation’ of data protection law, given the nature and the extent of this Board’s powers it marks another significant shift in the EU’s agency-creating process and must therefore also be considered in its broader EU context

Towards a holistic approach to effective data protection

Existing data protection frameworks are premised on the belief that individuals should have certain rights in relation to this personal data. However, the complexities and scale of online data use mean that the control of personal data and key decisions regarding its processing cannot be left to individuals. Orla Lynskey writes that competition law should be applied in a way that assists in developing a more holistic approach to effective data protection

Control over personal data in a digital age: Google Spain v AEPD and Mario Costeja Gonzalez

In the Google Spain judgment, the Grand Chamber of the EU Court of Justice determined the circumstances in which a search engine is obliged to remove links to data pertaining to an individual from the results displayed. The Court also considered the material and territorial scope of the EU data protection rules. This note argues that the Court's findings, which have been heavily criticised, are normatively coherent. The broad scope of application of data protection rules and the right of individuals to have their data deleted when certain conditions are fulfilled both play a part in granting individuals effective control over their personal data – an objective of EU data protection law

Grappling with "data power": normative nudges from data protection and privacy

The power exercised by technology companies is attracting the attention of policymakers, regulatory bodies and the general public. This power can be categorized in several ways, ranging from the "soft power" of technology companies to influence public policy agendas to the "market power" they may wield to exclude equally efficient competitors from the marketplace. This Article is concerned with the "data power" exercised by technology companies occupying strategic positions in the digital ecosystem. This data power is a multifaceted power that may overlap with economic (market) power but primarily entails the power to profile and the power to influence opinion formation. While the current legal framework for data protection and privacy in the EU imposes constraints on personal data processing by technology companies, it ostensibly does so without regard to whether or not they have "data power." This Article probes this assumption. It argues that although this legal framework does not explicitly impose additional legal responsibilities on entities with "data power," it provides a clear normative indication to do so. The volume and variety of data and the reach of data-processing operations seem to be relevant when assessing both the extent of obligations on technology companies and the impact of data processing on individual rights. The Article suggests that this finding provides the normative foundation for the imposition of a "special responsibility" on such firms, analogous to the "special responsibility" imposed by competition law on dominant companies with market power. What such a "special responsibility" might entail in practice will be briefly outlined and relevant questions for future research will be identified

Automation in education - is EdTech a threat to public values?

Educational technology (EdTech) plays a growing part in education across Europe. Orla Lynskey writes that while this technology has the potential to help students learn more effectively, it also presents serious challenges for public values such as equality and proportionality

Regulating 'platform power'

Increasing regulatory and doctrinal attention has recently focused on the problem of ‘platform power’. Yet calls for regulation of online platforms fail to identify the problems such regulation would target, and as a result appear to lack merit. In this paper, two claims are advanced. First, that the concept of ‘platform power’ is both an under and over-inclusive regulatory target and, as such, should be replaced by the broader concept of a ‘digital gatekeeper’. Second, that existing legal mechanisms do not adequately reflect the power over information flows and individual behaviour that gatekeepers can exercise. In particular, this gatekeeper power can have implications for individual rights that competition law and economic regulation are not designed to capture. Moreover, the technological design, and complexity, of digital gatekeepers renders their operations impervious to scrutiny by individual users, thereby exacerbating these potential implications