The UK’s Information Commissioner’s Office (ICO) has published new guidance on certification and codes of conduct for data processing as well as expected timetables for finalising its revised guidelines on these topics. Certification Certification is a voluntary mechanism for organisations to validate their compliance with the General Data Protection Regulation 2016/679 (GDPR). Once the submissions … Continue Reading
Researchers at the Information Commissioner’s Office (ICO) have started a series of blogs discussing the ICO’s work in developing a framework for auditing artificial intelligence (AI). In the first blog of the series, the discussion revolves around the degree and quality of human review in AI systems, specifically, in what circumstances human involvement can be … Continue Reading
The UK Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online products and services provided by information society services (ISS). The consultation closes on 31 May 2019. The draft code sets out principles for any online service accessed by children under the age … Continue Reading
“2018 was the year that people have woken up to the importance of privacy and have begun to bite back at big tech”. This was the view expressed by James Dipple-Johnstone, Deputy Commissioner (Operations) at the UK Information Commissioner’s Officer (ICO), during his recent speech at the Institute of Directors in London. The speech focused … Continue Reading
In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading
Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office actions relating to data protection, privacy electronic communications, freedom of information and environmental information. The … Continue Reading
In early October, the UK government updated a collection of guidance notes they had issued on ‘bring your own device’ initiatives (BYOD). Given the increase in employees using their personal devices to connect to their employers’ systems, employers in both the private and public sector will welcome this guidance. The ‘BYOD Guidance: Executive Summary’ describes … Continue Reading
The ICO has had a busy January with some key updates to note for the start of 2014. The ICO has produced a series of quarterly reports: Spam text messages The main three topics for the subject of unsolicited marketing text messages were found to be debt management, payday loans and payment protection insurance. Enforcement … Continue Reading
This post was written by Cynthia O’Donoghue. The UK High Court was forced to re-examine the concept of ‘personal data’ in the recent case of Kelway v The Upper Tribunal, Northumbria Police and the Information Commissioner (2013) EWHC 2575 (Admin). The case involved an application for judicial review by Dr Kelway against two decisions of … Continue Reading
This post was written by Cynthia O’Donoghue. The UK data protection watchdog, the Information Commissioner’s Office (ICO), has published a Data Protection Regulatory Action Policy, setting out factors the ICO will consider when deciding whether to initiate enforcement action and what form it should take. The policy should assist organisations with understanding the enforcement process … Continue Reading
The UK data protection authority, Information Commissioner’s Office (ICO), has published statistics regarding breach incidents in the first quarter of this year (1 April – 30 June 2013). In a related press release, the ICO discussed conclusions drawn from the numbers regarding the most common types of data breaches and the sectors that appear to … Continue Reading
Following a public consultation in December 2012 on a draft version, the Information Commissioner’s Office (ICO) published its final Subject Access Code of Practice on 8 August 2013. Like all other data protection laws in the EU, the Data Protection Act 1998 (DPA) includes the principle that anyone has the right to find out what … Continue Reading
The UK Information Commissioner’s Office (the “ICO”) has served a monetary penalty notice of £250,000 on Sony Computer Entertainment Europe following the hacking of Sony’s PlayStation Network in April 2011, which it described as a serious breach of the UK Data Protection Act (the “Act”). The ICO stated that Sony did not take “appropriate technical … Continue Reading
The UK Information Commissioner’s Office (ICO) published guidance on ‘bring your own device’ (BYOD), given the tremendous increase in employees both connecting to, and seeking to be able to use their personal devices to connect to, their employers’ systems. The ICO reported that 47% of employees now use personal smartphones, laptops or tablets for work, … Continue Reading
The UK Information Commissioner’s Office (“ICO”) has published an explanation of the process and timeline of the proposed EU data protection reform and its involvement in the on-going negotiations. According to the ICO, the proposed EU data protection reforms could “be one of the biggest changes to data protection that the (UK) has ever seen.” … Continue Reading
Following the publication of its “further thoughts” on the European Commission’s proposed new data protection framework, the ICO has now published an in-depth, article-by-article analysis of the proposed General Data Protection Regulation (the Regulation). The ICO pointed out that this is an important opportunity to get the framework correct, as it is likely to remain … Continue Reading
The UK Information Commissioner’s Office (ICO) has published a report detailing compliance and consumer concerns about use of cookies, following the changes under Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR), which require consent, more transparent notice and opt-out. In response to more than 550 consumer complaints about implied consent mechanisms and the … Continue Reading
In a clampdown on the UK’s growing illegal telemarketing, the Information Commissioner’s Office (ICO) issued its first monetary penalties under the Privacy and Electronic Communications Regulations 2011 (PECR) in November. Following an 18-month investigation, Christopher Niebel and Gary McNeish of Tetrus Telecoms were fined £300,000 and £140,000 respectively for distributing up to 840,000 illegal spam … Continue Reading
The UK Information Commissioner’s Office (ICO) has published a code of good practice on managing the risks related to anonymisation. Christopher Graham, UK Information Commissioner, believes this to be the first code of practice on anonymisation to be published by any European data protection authority, but Liechtenstein published a guide on anonymisation and pseudonymisation earlier … Continue Reading
The EU’s proposed EU Data Protection Framework encourages the use of privacy seals, certification mechanisms and trust marks. Any organisation which has obtained a privacy seal would be considered to have attained a ‘stamp of approval’, indicating good privacy standards. Anticipating the development of data protection kite marks, the UK Information Commissioner’s Office has launched … Continue Reading
The UK Information Commissioner’s Office (ICO) served a monetary penalty of £50,000 on Prudential, after Pru merged accounts of two people with the same name and same date of birth five years ago. The “mix-up” in administration of two accounts culminated in tens of thousands of pounds ending up in the wrong account. Despite repeated … Continue Reading
Since March of this year, the Information Commissioner’s Office (ICO) has been asking members of the public to report any calls or texts they have received from unknown senders by using an online survey. The survey information has allowed the ICO to focus its investigations on organisations responsible for making unsolicited communications. The ICO received … Continue Reading
The UK Information Commissioner’s Office (“ICO”) has issued guidance on the deletion of personal data. Through this guidance, the ICO seeks to assist organisations with their obligations under the Data Protection Act 1998 (“DPA”) and to promote good practice. The ICO acknowledges that times have changed and that, while one may think placing data in … Continue Reading
