Archive for the 'Uncategorized' Category

European Commission proposes new laws on accessibility of public sector websites

As I reported on Twitter earlier this week, the European Commission has proposed a new directive governing the accessibility of websites operated by organisations in the public sector.

If passed, the directive would set out requirements in relation to how many public sector bodies ensure that their websites are accessible to users with disabilities. The European Commission estimates that there are over 700,000 public sector websites in the EU.

Determining what is “accessible”
One of the big issues with legislating on website accessibility is the need to have an objective set of criteria for determining what an accessible website looks like. Accessibility, by its nature, is a subjective issue, as accessibility problems will vary depending on an individual’s disabilities and the device/browser software that the user is using. This makes it difficult to have a law that sets out clearly what organisations have to do.

The UK Equality Act deals with this through a set of objective criteria for determining discrimination (that apply regardless of the type of discrimination that is alleged to be taking place), but translating this into the specific steps an organisation should be taking in relation to its website has always been difficult, as the law simply refers to policies or practices that have the effect of discriminating against the individual concerned.

The proposed directive addresses this issue by presuming that the website meets the accessibility requirements where it complies with a number of external standards.

These are:

  • initially, the recently approved international standard on website accessibility (ISO/IEC 40500), which in turn references Level AA conformance under version 2.0 of the W3C’s long-established and recognised web content accessibility guidelines (WCAG);
  • any European standard on website accessibility, which may include any standard under the Commission’s ongoing Mandate M/376 project (which is also likely to be based on WCAG Level AA conformance); and
  • ultimately the harmonised standards for accessibility drawn up and approved by the EU institutions, which in turn will be based on the European standard based on M/376.

Disappointingly, the presumption of “accessibility” appears to be based only on compliance with tick box criteria (rather than, say, user testing, as recommended by the British Standard BS8878). However, as I note above, it is difficult to legislate for subjective assessment.

The proposed directive is intended to sit alongside the proposed European Disability Act, which will address the accessibility of goods and services, including ICT.

As a directive, the new laws will need to be locally implemented in each member state. The Commission’s current timetable envisages the date for these laws coming into force as being 30 June 2014.

Whilst the transitional arrangements are not yet clear, public sector bodies looking to update their websites over the coming year should bear in mind the likely new laws and accessibility requirements when developing their technical requirements specifications.

For many, this should not require a huge change in approach, as WCAG level AA conformance has been a UK Government recommended standard for several years now. However, if the directive is passed then that obligation will now be part of a clear legal framework.

Martin Sloan

Claire Scott blogs on Brodies Employment Blog about the importance of employee social media policies, following footballer Ashley Cole’s recent tweet about the FA’s findings in relation to the John Terry/Rio Ferdinand incident.

Brodies Employment Blog

The issue of employees’ use of social media has been brought back into focus following the Football Association’s decision to charge Ashley Cole with misconduct in relation to a Twitter comment he made about football’s governing body. Ashley Cole’s club Chelsea have also said he may face disciplinary proceedings.

The offending tweet which can be seen at was in response to an Independent FA Commission’s finding that John Terry was guilty of making abusive and insulting comments to Anton Ferdinand, which included a reference to his race, during a match between Chelsea and QPR in October 2011. In reaching their decision, the Commission called into question the evidence that had been given to it by Mr Cole.

Speaking on BBC Radio 5 Live Sport, former England player Graeme Le Saux commented that the FA must make players aware “there are consequences” for inappropriate use of social media.

The FA’s…


ICO guidance – deletion of personal data

The Information Commissioner’s Office (“ICO”) recently published new guidance to help organisations better understand the requirement imposed on them by the Data Protection Act 1998 (the DPA) in relation to deletion of personal data. This guidance is available on the ICO’s website.

The exact requirements under the DPA in relation to deletion of personal data previously have been open to wide interpretation. The problem is that, in an IT sense, ‘deletion’ doesn’t have the clearest of meanings.

What does the DPA say?

The DPA centres on a number of key issues, or principles, in relation to safeguarding personal data. The fifth principle states that personal data should not be kept for any longer than is necessary to fulfil the purpose for which it was processed in the first place.

While in the case of a paper-based system it is straightforward to destroy the information held, when you are dealing with electronic records, ‘deletion’ has many permutations. Technically, archiving data will still fall within the scope of the DPA, but holding personal data in an archive system, particularly one that is not easily searchable, is unlikely to be detrimental to the relevant individual.

This has led to many organisations being unsure as to what they need to do in order to comply with the Act.

What the guidance says

To help organisations navigate this maze of uncertainty, the ICO has said that it will not take action in respect of a breach of the fifth principle in respect of data that, although technically not deleted, has been put ‘beyond use’, nor will such data fall within the scope of a data subject access request. The ICO will consider that data has been put beyond use if the data controller (the person controlling the processing of the data) meets the following criteria:

  • It is unable to (or will not attempt to) use the personal data in any way that would affect the relevant individual;
  • It does not give any third parties access to that personal data (unless, for example, it is compelled by law to do so);
  • It puts in place appropriate technical and organisational measures to safeguard that data (essentially a restatement of the seventh principle);
  • It commits to permanently deleting the personal data, when possible.


While data controllers will have to meet all four criteria for their obligation to delete data to be suspended, the conditions are not particularly onerous. In fact, they give welcome clarification on this issue and better reflect how organisations work in practice.

If you would like to discuss whether your current process for archiving complies with the requirements set out in the guidance, or any other aspect of data protection law or information security best practice, please get in touch with your normal Brodies contact.

Leigh Kirkpatrick


We are currently preparing our autumn 2012 seminar programme and will post details here soon.

If you would like to be amongst the first to hear about our autumn seminar programme then follow this link to register your details on the Brodies website.

If there is a particular topic that you would like to see us cover, or you are interested in bespoke training for your organisation on any of the issues we cover here on Brodies TechBlog, then please contact Martin Sloan or your usual Brodies contact.
