The Information Commissioner’s Office (ICO) has published new guidance on international data transfers (the guidance) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). Ex-EU personal data transfers The GDPR restricts the transfer of personal data to non-EU countries or international organisations. The ICO has clarified that a transfer is restricted if: The GDPR … Continue Reading
On 10 July 2018, the Information Commissioner’s Office (ICO) announced its intent to fine Facebook £500,000 for two breaches of the Data Protection Act 1998, the maximum permitted under the pre-GDPR regime. If the penalty is enforced, it will be the biggest issued by the ICO in its history. For some perspective, had the breach … Continue Reading
On 22 June 2018, the European Commission published a factsheet that provides a visual summary of the actions taken to date to implement its Digital Single Market strategy. The Digital Single Market strategy refers to the European Commission’s mission to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer … Continue Reading
The Upper Tribunal (Administrative Appeals Chamber) in IC v Miller [2018] UKUT 229 (AAC) has rejected an appeal brought by the Information Commissioner (IC), which was in relation to a First-Tier Tribunal (FTT) decision finding that “small data” (i.e., data concerning five or fewer individuals or households) was not exempt from disclosure under the Freedom … Continue Reading
To enhance cyber resilience, the EU is building a certification framework for information and communication technology (ICT) products, services and processes. On 8 June 2018, the Council agreed a Proposal (known as the Cybersecurity Act) to prepare for negotiations with the European Parliament to finalise the text. One of the effects of the Proposal is … Continue Reading
The Information Commissioner’s Office (‘ICO’) has published its 2017/2018 Annual Report, covering the 12 months leading up to 31 March 2018. The report is the ICO’s annual report to Parliament as required by the Data Protection Act 1998 (‘DPA’), and outlines the achievements and work of the ICO. Among the findings reported are the number … Continue Reading
The UK Information Commissioner’s Office (ICO) has issued a resource for organizations to utilise when hiring and structuring the roles of data protection officers (DPO) under the General Data Protection Regulation (GDPR). This blog summarises several key elements of these resources. DPO checklist The checklist contains four sections which include: Appointing a DPO – across … Continue Reading
The UK government has opened a consultation on exemptions to paying a data protection fee, giving businesses the opportunity to lobby for new exemptions to be introduced. Businesses that are responsible for processing personal data (i.e. controllers) are required to pay a data protection fee to the Information Commissioner’s Office (ICO). These fees are: £40 … Continue Reading
You may well remember our blog from last year which outlined the Commission’s proposal for a framework in relation to the free flow of non-personal data in September 2017 (you can view our blog here). On 19 June 2018, the European Parliament, Council and the European Commission reached a political agreement on the rules that … Continue Reading
In the wake of the U.S. Supreme Court’s decision in Spokeo v. Robins, 136 S. Ct. 1540 (2016), there has been a plethora of litigation in privacy class actions over whether federal courts can exercise subject-matter jurisdiction over the asserted statutory or common law claims. However, in addition to considering whether a court has subject-matter … Continue Reading
Last month, the European Commission (Commission) announced plans to bolster the future of artificial intelligence (AI) across the bloc. In a paper on ‘Artificial Intelligence for Europe’, the Commission proposed a three-pronged approach to: (i) increase public and private investment in AI; (ii) prepare for socio-economic changes; and (iii) ensure an appropriate ethical and legal … Continue Reading
On March 30, 2018, a D.C. federal district court denied a motion to dismiss an ACLU case filed against the government to challenge the constitutionality of the Computer Fraud and Abuse Act (CFAA), which makes it a federal crime to access a computer in a manner that “exceeds authorized access.” Sandvig v. Sessions, No. 1:16-cv-01368, … Continue Reading
The German Federal Cartel Office (”FCO“) has launched a sector inquiry into “online price comparison websites.” This sector inquiry is the first specific proceeding in which the FCO applies its new competencies in the area of consumer protection given to it by the 9th amendment to the German Act against Restraints of Competition (“ARC”). Another sector … Continue Reading
The 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong published a Resolution on Data Protection in Automated and Connected Vehicles, which sets out fundamental data protection requirements for the mobility of the future (“Resolution”). The Resolution proposes common international standards. The Resolution addresses not only vehicle and equipment manufacturers, but also … Continue Reading
The upcoming ninth amendment of the German Act against Restraints of Competition (Gesetz gegen Wettbewerbsbeschränkungen, ARC), which has already been approved by the German Federal Parliament (Bundestag) and the German Federal Council (Bundesrat), is expected to enter into force shortly. The new law is tailored to adapt German competition law to the specific features of … Continue Reading
The EU Commission recently launched a Public consultation on Building the European data economy. The objective behind the consultation is to feed into the Commission’s future policy agenda on the European data economy in 2017. The data economy In its Communication entitled “Building a European Data Economy,” the Commission has re-identified (from its 2012 Communication) … Continue Reading
Responding to news reports that journalists were able to purchase advertising on Facebook targeted to ethnic groups, Facebook announced several new changes to the company’s advertising products. The move highlights heightened scrutiny of advertising practices surrounding the increasing use of big data in many aspects of marketing and advertising. Facebook’s response grew out of a … Continue Reading
The European Data Protection Supervisor (“EDPS”) issued an Opinion on “coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and competitiveness in the age of big data”. The Preliminary Opinion observed a tendency for EU rules of data protection, consumer … Continue Reading
In a sign of the continuing significance of the U.S. Supreme Court’s recent ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016), another federal court has cited that ruling in dismissing claims for lack of Article III standing. In Gubula v. Time Warner Cable, Inc., No. 15-cv-1078 (E.D. Wis. June 17, 2016), … Continue Reading
The amount of data collected worldwide is rapidly proliferating, and one international organization wants to make sure it’s clear how to protect what is arguably the most sensitive category of that data: biometrics. The Biometrics Institute, which has branches in London and Sydney, released new revisions to its Biometrics Privacy Guidelines to its members on … Continue Reading
The FTC unveiled a lengthy report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, warning companies about commercial uses of big data and the discriminatory impact it may have on low-income and underserved populations. “Big data” refers to the ubiquitous collection of massive amounts of consumer information by companies, which may be … Continue Reading
On November 25, a California federal court dismissed without prejudice a proposed class action against Toyota Motor Corp., Ford Motor Co., and General Motors LLC, claiming the carmakers failed to ensure the electronic security of their vehicles by equipping them with computer technology that is susceptible to being hacked by third parties. Cahen, et al. … Continue Reading
With the onslaught of smart watches, smart thermostats, and even smart refrigerators that allow you to Tweet hangry messages to your followers, it’s only natural that a “smart city” would follow. This week, San Francisco city officials agreed to run a one-year pilot project with Sigfox – an FCC certified French start-up that builds low-power … Continue Reading
A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say … Continue Reading
