In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, …
From 16 May, those making (or instigating) direct marketing telephone calls must provide Caller Line Identification (‘CLI’) when making calls live or through automated means. The display of their telephone numbers to consumers has the effect of making it easier for consumers to refuse and/or report unwanted marketing calls. The Privacy and Electronic Communications (EC …
The Information Commissioner’s Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information. When a device’s WiFi functionality is enabled, it broadcasts ‘probe requests’ to find WiFi networks that are within range. If the device discovers …
In preparation for European Data Protection Day on 28 January, the ICO commissioned a survey on attitudes towards data protection. The YouGov poll revealed growing public concern over data privacy and security. Of more than 2000 respondents questioned: 95% considered it “very or fairly important” that companies were clear from the outset about how their …
In December, we reported that the European Parliament and Council had reached agreement on the text of the General Data Protection Regulation (GDPR). As 2015 drew to a close, the agreement was welcomed and approved by various European institutions. With the GDPR likely to be adopted early in 2016, the year is set to see …
As 2015 draws to a close, the UK’s Data Protection Regulator, the Information Commissioner’s Office (‘ICO’), is making sure it ends the year with a bang. The past few months have seen a significant increase in enforcement action, a theme which seems to be common for the regulator at this time of year because of …
With the EU Data Protection “reform train” rounding what is hopefully the final bend towards the summit of consensus, the UK ICO have published their latest analysis on the Council’s draft EU Data Protection Regulation. The analysis demonstrates the improvement needed in order to ensure that the new law provides effective protection to individuals while …
The UK’s Information Commissioner’s Office (‘ICO’) has published what appears to be its first public enforcement notice based upon “the right to be forgotten” against Google Inc. The “right to be forgotten” was introduced by the ECJ last year when it held that data subjects have a right to compel search engines to remove results …
The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% …
Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office relating to data protection, privacy and electronic communications, freedom of information and environmental information. The …
The UK Information Commissioner’s Office (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to Data Subject Access Requests. …
On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012. Among other things, the modifications to the Privacy Policy allowed Google to combine personal data across all services and products. For example, personal data collected through YouTube could now …
In January, Ofcom, the UK telecommunications regulator, published its Statement on ‘Promoting investment and innovation in the Internet of Things’ (Statement). The Statement acknowledges that the Internet of Things (IoT) has the potential to deliver significant benefits to citizens and consumers. In light of this, Ofcom sought views from its stakeholders on what role Ofcom …
The UK Information Commissioner’s Office (ICO) signalled its commitment to approving third-party “privacy seal” schemes following its recent public consultation. The first UK schemes should be operational by 2016. The consultation comes in anticipation of the European Commission’s revised data protection framework proposals, which may include provisions intended to encourage the adoption of privacy seals, …
On 28 July, the ICO released its report ‘Big data and data protection’ (the ‘Report’). The Report defines ‘Big Data’ and sets out the data protection and privacy issues raised by Big Data, as well as compliance with the UK Data Protection Act 1998 (‘DPA’) in the context of Big Data. The ICO defines Big …
In June, Facebook came under public scrutiny after it was revealed that the company carried out research in 2012 that manipulated the News Feeds of 689,000 users. Several regulators are now poised to investigate Facebook’s conduct. The study exposed users to a large amount of either positive or negative comments in order to observe the …
At the end of March, the UK Information Commissioner’s Office (ICO) released its corporate plan for 2014-2017 titled “Looking ahead, staying ahead” (the Plan). Information Commissioner Graham stated that the changes proposed are “about getting better results, for both consumers and for data controllers.” As the UK’s supervisory body for upholding information rights, the ICO …
The UK Information Commissioner’s Office (ICO) has issued an updated code of practice (the Code) on subject access requests, less than a year after releasing its original guidance paper on the topic. The Code is designed to help organisations fulfill their duties under the Data Protection Act 1998 (DPA) and contains guidance in relation to …
At the beginning of March, the UK Information Commissioner’s Office (ICO) signed a memorandum of understanding (MOU) with the U.S. Federal Trade Commission (FTC) at the IAPP Global Privacy Summit. The memorandum is aimed at increasing cooperation between the agencies, with UK Information Commissioner Graham stating that the arrangement would be “to the benefit of …
In February, the UK Information Commissioner’s Office (ICO) issued an updated code of practice on conducting Privacy Impact Assessments (PIA), with a six-point process for organisations to follow (the Code). A PIA is intended to focus the attention of an organisation on the way that data is held and used in any project, and reduce …
A judgment from the Court of Appeal on 7 February 2014 in the case of Edem v The Information Commissioner & Financial Services Authority [2014] EWCA Civ 92, has held that “a name is personal data unless it is so common that without further information, such as its use in a work context, a person …
This post was written by Cynthia O’Donoghue. The UK High Court was forced to re-examine the concept of ‘personal data’ in the recent case of Kelway v The Upper Tribunal, Northumbria Police and the Information Commissioner (2013) EWHC 2575 (Admin). The case involved an application for judicial review by Dr Kelway against two decisions of …
Last month, the Information Commissioner’s Office (ICO) published a response to the government’s call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO’s criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive. …
This post was written by Cynthia O’Donoghue. The UK’s First-tier Tribunal (Information Rights) has overturned a monetary penalty issued by the Information Commissioner’s Office (ICO) against the Scottish Borders Council. The £250,000 penalty related to the unsecure disposal of hard copies of council records containing personal data and had been issued by the ICO in …