The UK’s supervisory authority, the Information Commissioner’s Office (ICO), published a new data sharing code of practice (Code), available here, which addresses the requirements for data sharing under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).

Once approved by Parliament, the Code will become a statutory code of practice. Thereafter, the Code will be used by the ICO when assessing whether organisations have complied with their data protection obligations when sharing personal data. The Code applies to the sharing of personal data between controllers, as well as giving access to personal data to third parties. It does not, however, apply to data sharing with a processor, nor the disclosure of data within an organisation.

The Code contains practical guidance for controllers on how they can share data fairly and lawfully and how they can meet their accountability obligations under the GDPR and the DPA 2018. It also addresses misconceptions regarding data sharing, such as clarifying that data protection laws do not prevent data sharing (as long as the sharing is lawful, fair and proportionate) and that most data sharing does not rely on consent as the lawful basis.
Continue Reading The ICO publishes a new data sharing code of practice

Earlier this year, the Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online services (Code). The consultation closed on 31 May 2019 but the ICO has recently released an update on its progress in producing the Code.

The finalised Code will be informed

The UK Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online products and services provided by information society services (ISS). The consultation closes on 31 May 2019. The draft code sets out principles for any online service accessed by children under the age of 18.

Best interests of the child at the core

This code of practice is based on the key principle in the United Nations Convention on the Rights of the Child that the best interests of the child should be a primary consideration in all actions concerning children. In the context of today’s myriad of online services, it has become increasingly difficult for both parents and children to make informed choices or exercise control over the way services use children’s personal data. The code aims to respect the rights and duties of the parents but also the children’s evolving capacity to make their own choices.

16 headline ‘standards of age-appropriate design’

The code requires ISS providers to abide by 16 cumulative standards when processing personal data of children through their services:
Continue Reading Protection of children’s online space: ICO issues code of practice on age-appropriate design