The UK’s supervisory authority, the Information Commissioner’s Office (ICO), published a new data sharing code of practice (Code), which addresses the requirements for data sharing under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). Once approved by Parliament, the Code will become a statutory code of practice. … Continue Reading
After a long period of negotiation, the United Kingdom (UK) and the European Union (EU) have reached a deal on the sharing of personal data, only a few days before the end of the Brexit transition period. The agreed trade deal allows for the continued free flow of personal data from the EU to the … Continue Reading
Earlier this year, the Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online services (Code). The consultation closed on 31 May 2019 but the ICO has recently released an update on its progress in producing the Code. The finalised Code will be informed … Continue Reading
The Information Commissioner’s Office (ICO) has published its 2018/19 Annual Report, covering the 12 months to 31 March 2019. This is the ICO’s first annual report to parliament since the GDPR came into force in May 2018. It sets out exactly what the ICO has been up to in what has been an interesting year. … Continue Reading
The Information Commissioner’s Office (ICO) has published its update reflecting on its GDPR experience over the past year and its upcoming priorities to stay relevant, foster innovation and maintain its position as an “influential regulator on the national and international stage”. Supporting the public, DPOs, SMEs and other organisations The first year of the GDPR … Continue Reading
The UK’s Information Commissioner’s Office (ICO) has published new guidance on certification and codes of conduct for data processing as well as expected timetables for finalising its revised guidelines on these topics. Certification Certification is a voluntary mechanism for organisations to validate their compliance with the General Data Protection Regulation 2016/679 (GDPR). Once the submissions … Continue Reading
Researchers at the Information Commissioner’s Office (ICO) have started a series of blogs discussing the ICO’s work in developing a framework for auditing artificial intelligence (AI). In the first blog of the series, the discussion revolves around the degree and quality of human review in AI systems, specifically, in what circumstances human involvement can be … Continue Reading
The UK Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online products and services provided by information society services (ISS). The consultation closes on 31 May 2019. The draft code sets out principles for any online service accessed by children under the age … Continue Reading
“2018 was the year that people have woken up to the importance of privacy and have begun to bite back at big tech”. This was the view expressed by James Dipple-Johnstone, Deputy Commissioner (Operations) at the UK Information Commissioner’s Office (ICO), during his recent speech at the Institute of Directors in London. The speech focused … Continue Reading
In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading
Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office relating to data protection, privacy and electronic communications, freedom of information and environmental information. The … Continue Reading
In early October, the UK government updated a collection of guidance notes they had issued on ‘bring your own device’ initiatives (BYOD). Given the increase in employees using their personal devices to connect to their employers’ systems, employers in both the private and public sector will welcome this guidance. The ‘BYOD Guidance: Executive Summary’ describes … Continue Reading
The ICO has had a busy January with some key updates to note for the start of 2014. The ICO has produced a series of quarterly reports: Spam text messages The main three topics for the subject of unsolicited marketing text messages were found to be debt management, payday loans and payment protection insurance. Enforcement … Continue Reading
This post was written by Cynthia O’Donoghue. The UK High Court was forced to re-examine the concept of ‘personal data’ in the recent case of Kelway v The Upper Tribunal, Northumbria Police and the Information Commissioner (2013) EWHC 2575 (Admin). The case involved an application for judicial review by Dr Kelway against two decisions of … Continue Reading
This post was written by Cynthia O’Donoghue. The UK data protection watchdog, the Information Commissioner’s Office (ICO), has published a Data Protection Regulatory Action Policy, setting out factors the ICO will consider when deciding whether to initiate enforcement action and what form it should take. The policy should assist organisations with understanding the enforcement process … Continue Reading
The UK data protection authority, Information Commissioner’s Office (ICO), has published statistics regarding breach incidents in the first quarter of this year (1 April – 30 June 2013). In a related press release, the ICO discussed conclusions drawn from the numbers regarding the most common types of data breaches and the sectors that appear to … Continue Reading
Following a public consultation in December 2012 on a draft version, the Information Commissioner’s Office (ICO) published its final Subject Access Code of Practice on 8 August 2013. Like all other data protection laws in the EU, the Data Protection Act 1998 (DPA) includes the principle that anyone has the right to find out what … Continue Reading
The UK Information Commissioner’s Office (the “ICO”) has served a monetary penalty notice of £250,000 on Sony Computer Entertainment Europe following the hacking of Sony’s PlayStation Network in April 2011, which it described as a serious breach of the UK Data Protection Act (the “Act”). The ICO stated that Sony did not take “appropriate technical … Continue Reading
The UK Information Commissioner’s Office (ICO) published guidance on ‘bring your own device’ (BYOD), given the tremendous increase in employees both connecting to, and seeking to be able to use their personal devices to connect to, their employers’ systems. The ICO reported that 47% of employees now use personal smartphones, laptops or tablets for work, … Continue Reading
The UK Information Commissioner’s Office (“ICO”) has published an explanation of the process and timeline of the proposed EU data protection reform and its involvement in the on-going negotiations. According to the ICO, the proposed EU data protection reforms could “be one of the biggest changes to data protection that the (UK) has ever seen.” … Continue Reading
Following the publication of its “further thoughts” on the European Commission’s proposed new data protection framework, the ICO has now published an in-depth, article-by-article analysis of the proposed General Data Protection Regulation (the Regulation). The ICO pointed out that this is an important opportunity to get the framework correct, as it is likely to remain … Continue Reading
The UK Information Commissioner’s Office (ICO) has published a report detailing compliance and consumer concerns about use of cookies, following the changes under Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR), which require consent, more transparent notice and opt-out. In response to more than 550 consumer complaints about implied consent mechanisms and the … Continue Reading
In a clampdown on the UK’s growing illegal telemarketing, the Information Commissioner’s Office (ICO) issued its first monetary penalties under the Privacy and Electronic Communications Regulations 2011 (PECR) in November. Following an 18-month investigation, Christopher Niebel and Gary McNeish of Tetrus Telecoms were fined £300,000 and £140,000 respectively for distributing up to 840,000 illegal spam … Continue Reading
The UK Information Commissioner’s Office (ICO) has published a code of good practice on managing the risks related to anonymisation. Christopher Graham, UK Information Commissioner, believes this to be the first code of practice on anonymisation to be published by any European data protection authority, but Liechtenstein published a guide on anonymisation and pseudonymisation earlier … Continue Reading