Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR.
Commissioner Denham emphasised that
On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union.
The Strategy notes the opportunities presented through the use of data analytics, artificial intelligence and the internet of things. Noting a recent Information Commissioner’s Office study, which found that only one in four UK adults trust businesses with personal data, a key aspect of the Strategy is to improve public trust and confidence in the use of data, enabling the UK to house a ‘world-leading’ data economy. To this end, the Strategy confirms that the UK will implement the General Data Protection Regulation by May 2018 (“GDPR”), ensuring a “shared and higher standard of protection for consumers and their data cross Europe and beyond.” Businesses will also be encouraged to adopt ethical frameworks for the use of data.
Continue Reading UK government publishes digital strategy to create and support a secure and thriving data economy
At the beginning of February, the Minister of State responsible for digital and culture policy, Matt Hancock, reaffirmed the UK’s commitment to implementing legislation mirroring the General Data Protection Regulation (GDPR), and ensuring the uninterrupted flow of personal data between the UK and EU post Brexit.
Reaffirmed Commitment to the GDPR
Continue Reading UK Reaffirms Commitment to GDPR while ICO Increases its International Focus
The governments of Switzerland and the United States finalised the Swiss-U.S. Privacy Shield Framework on 11 January. The Framework is similar in many respects to the EU-U.S. Privacy Shield, and replaces the U.S.-Swiss Safe Harbor Framework with immediate effect.
Background
Continue Reading Switzerland and the United States Agree Privacy Shield Framework
Just four months after its adoption by the European Commission, the EU-U.S. Privacy Shield is facing its first formal legal challenge.
The challenge comes from the Irish advocacy group Digital Rights Ireland, who is joined by French privacy advocacy group La Quadrature du Net and non-profit internet service provider French Data Network.
Continue Reading EU-US Privacy Shield challenged in the European Court of Justice
In an ongoing effort to tackle nuisance calls, the UK government has signalled its intention to make company directors directly liable for breaches of the Privacy and Electronic Communications Regulations (PERC) carried out by their firms. These fines will be in addition to any fines ordered against the firm itself.
Deemed a growing problem that, in particular, targets elderly and vulnerable sections of society, the Minister of State for Digital and Culture Matt Hancock emphasised that the new amendment will hand the ICO more agile and robust punitive powers.
“We have joined forces with consumer groups and regulators, such as the Information Commissioner’s Office (ICO), to stop nuisance callers. It used to be the case that the ICO had to prove a nuisance call had caused ‘substantial damage or substantial distress.’ Not anymore.”
Continue Reading Company bosses can no longer dodge nuisance call fines
On 5 July, the European Commission (“EC”) published a communication outlining measures to improve resilience to cyber incidents, improve cooperation and information sharing, and promote innovation and competition in the European cybersecurity industry.
The communication highlights the EC’s intention to take cooperation, knowledge, and capacity to the next level, particularly through the imminent introduction of
At the beginning of July, Baroness Neville-Rolfe, Minister of State at the Department for Business, Energy and Industrial Strategy, gave a speech at the annual Privacy Laws & Business conference, outlining the government’s stance on the implications of Brexit for a range of data issues including the GDPR, cybersecurity, international data transfers and the Internet
In June, the Attorney General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued his opinion (English translation pending) in the case of Verein für Konsumenteninformation v Amazon EU Sàrl (Case C-191/15). The opinion makes potentially important observations about which law should apply to the processing of personal data under the Data
Mobile health or ‘mHealth’ applications commonly raise complex privacy issues as a result of processing large amounts of sensitive personal data. Following the publication of its Green Paper on the topic in 2014, the European Commission has recently published a draft code of conduct on privacy for mobile health applications (‘the code’).
The code provides