Tag Archives: data

ICO issues guidance on hiring and supporting DPOs

The UK Information Commissioner’s Office (ICO) has issued a resource for organizations to utilise when hiring and structuring the roles of data protection officers (DPO) under the General Data Protection Regulation (GDPR). This blog summarises several key elements of these resources. DPO checklist The checklist contains four sections which include: Appointing a DPO – across … Continue Reading

Data Protection Act 2018 comes into force

On 23 May 2018, the Data Protection Act 2018 (DPA) received royal assent and became UK law. The DPA implements the EU’s General Data Protection Regulation (GDPR), while providing for certain permitted derogations, additions and UK-specific provisions. The DPA: Repeals and replaces the previous Data Protection Act 1998 (the 1998 Act) as the primary piece … Continue Reading

European Parliament publishes a corrigendum to the GDPR

On 25 April 2018, the European Parliament’s Civil Liberties, Justice & Home Affairs Committee published a corrigendum (an error to be corrected in a printed work after publication) to the European General Data Protection Regulation ((EU 2016/679) (GDPR). There are 26 “official” language versions of the GDPR (all European Economic Area countries plus Norway and … Continue Reading

European Commission proposes draft Whistleblowing Directive

On 23 April 2018, the European Commission published a proposal for a Directive on the protection of whistleblowers reporting on breaches of EU law, accompanied by an explanatory memorandum. The Directive The intention behind the proposal is to harmonise the minimum level of protection available to whistleblowers across the EU. It reflects the Commission’s view … Continue Reading

European Commission outlines plans to boost artificial intelligence

Last month, the European Commission (Commission) announced plans to bolster the future of artificial intelligence (AI) across the bloc. In a paper on ‘Artificial Intelligence for Europe’, the Commission proposed a three-pronged approach to: (i) increase public and private investment in AI; (ii) prepare for socio-economic changes; and (iii) ensure an appropriate ethical and legal … Continue Reading

Article 29 Working Party issues final guidelines on consent

On 10 April 2018, the Article 29 Working Party (WP29) published revised guidelines on consent under the General Data Protection Regulation (GDPR). Consent is one of the six GDPR bases for the lawful processing of personal data. Technology Law Dispatch looked at the WP29’s draft guidelines on consent earlier this year. This article examines the … Continue Reading

Article 29 Working Party adopts finalized guidelines on transparency under GDPR

The Article 29 Working Party (WP29) adopted, on 11 April 2018, finalized guidelines on transparency (the Guidelines) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), following its public consultation. Technology Law Dispatch looked at the draft guidance on transparency earlier this year, so this blog focuses on the key issues and what is … Continue Reading

Article 29 Working Party consultation on guidelines for accrediting certification bodies under the GDPR

The Article 29 Working Party (WP29) published a consultation on guidelines for the accreditation of certification bodies under the General Data Protection Regulation (GDPR), which closed at the end of March. The consultation guidelines would require a certification body under the GDPR to be accredited by either the competent supervisory authority or the national accreditation … Continue Reading

Brexit sectoral analysis – ICT report

In November 2017, the House of Commons Committee on Exiting the European Union (the Committee) published impact assessment reports of Brexit on various UK business sectors. The Report on the Technology (ICT) Sector (the Report) is a mix of qualitative and quantitative analysis. For each business sector, the Report includes: (i) a description of the … Continue Reading

Article 29 Working Party update on GDPR implementation

The Article 29 Working Party (WP29) discussed a number of important issues during its April plenary meeting on 17 April 2018. In its summary press release, the WP29 gave an update on the issues it discussed. Implementation of the General Data Protection Regulation (GDPR) and adopted guidelines WP29 formally adopted guidelines on consent and transparency … Continue Reading

European Commission VP comments on harmonisation and monetising user data, and guidance on the direct application of the GDPR is issued

On 28 February 2018, Andrus Ansip, the European Commission (Commission) Vice President and commissioner responsible for the Digital Single Market strategy, commented that all companies should be able to monetise user data, in the same way that social media companies do. Mr Ansip’s comments reflect the aims of the General Data Protection Regulation (GDPR) to … Continue Reading

UK government publishes the Digital Charter and reaffirms creation of the Centre for Data Ethics and Innovation

Earlier this year the UK Department for Digital, Culture, Media & Sport published its new Digital Charter. This short document outlines a UK rolling programme of work designed to make the UK a friendly environment to start-up and grow digital businesses. It is also designed to make the UK a safe place to be online. … Continue Reading

Warning light: The FTC is monitoring the connected car marketplace

In a recently published “Staff Perspective,” the Federal Trade Commission (FTC) appears to be staying true to the regulatory humility approach Acting Chairman Maureen K. Ohlhausen underscored in her opening remarks to the connected cars and autonomous vehicles workshop the FTC co-hosted with the National Highway Traffic Safety Administration (NHTSA) last summer. The Consumer Protection … Continue Reading

More Data Vulnerabilities, Cyber Breaches Detected in Healthcare Exchanges

Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading

Ofgem’s Smart Meter Network Decision: UK gas and electricity consumer privacy gets broader protection

In February 2015, Ofgem (the UK’s Office of Gas and Electricity Markets) published its Decision on Extending the Smart Meter Framework to Remote Meters (the Decision). This confirms that, following a public consultation, the privacy requirements embedded in the supplier licence terms and which will apply to suppliers’ use of customer data from “smart meters” … Continue Reading

NHS Advocates Selling Confidential Patient Data For Secondary Purposes

Latest plans announced by the UK’s Health and Social Care Information Centre (HSCIC) have resulted in a flurry of media controversy condemning NHS England (NHS) for advocating the sale of patient data to third parties for profitable gain. HSCIC, together with the NHS, has pioneered a new scheme, known as the ‘care.data’. From March 2014, … Continue Reading

State Attorneys General Maintain Sharp Focus on Privacy

Though the National Association of Attorneys General (NAAG) Presidential Initiative “Privacy in a Digital Age” expired in June 2013 when a new NAAG president took over, the state attorneys general have maintained their sharp focus on all things privacy, with no signs that that focus will shift anytime soon. Most recent case in point: a … Continue Reading

Office for the Australian Information Commissioner (OAIC) Publishes Draft Guidelines Interpreting New Privacy Principles

The Office for the Australian Information Commissioner (OAIC) has published initial draft guidelines which provide a good indication as to how to interpret the first five of thirteen Australian Privacy Principles (APPS) that will form the foundation of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which will become effective from 12 March 2014. APP … Continue Reading

Court Grants Final Approval to Class Action Settlement Over AOL’s 2006 Anonymization Failure; Big Data Precursor Settles for Millions

After nearly seven years of litigation, two class actions, and millions of dollars in legal and settlement fees, AOL hopes that it can finally put its infamous anonymization failure incident behind it. On May 24, 2013, a Virginia federal judge gave final approval to a class action settlement between AOL and a class of more … Continue Reading

Latin American Update: Costa Rica and Peru bring Data Protection regulations into force

This post was written by Cynthia O’Donoghue. Costa Rica’s 2011 data protection law came into force March 5, 2013, and Peru’s laws took effect April 22, 30 days after it published regulations. While this imposes new obligations on businesses operating or looking to do business in these countries, as with other data protection laws modelled … Continue Reading

The first European Parliament vote on the new data protection regime will be delayed

This post was written by Cynthia O’Donoghue. The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time. During the meeting on May 6, LIBE decided to delay … Continue Reading

More News on COPPA…

This post was also written by Frederick Lah. One day after the FTC issued its second report on privacy concerns with mobile apps for kids, “Mobile Apps for Kids: Disclosures Still Not Making the Grade“, a consumer privacy group filed a complaint with the FTC against a mobile game-maker for alleged violations of COPPA.  The complaint, … Continue Reading

Data Protection Concessions for SME’s hinted at by EU Justice Commissioner

This post was written by Cynthia O’Donoghue. Viviane Reding, Vice-President of the European Commission, EU Justice Commissioner, told ministers from the European Union Member States at a Justice and Home Affairs Council meeting in Luxembourg that in an effort not to overburden small and medium-sized enterprises (SMEs), she is prepared to offer them some concessions … Continue Reading
LexBlog