Privacy and Data Protection

2022 was another busy year in privacy and data protection. We have seen major new developments at both the EU and the UK level, in terms of new legislation taking effect, changes to the data transfer regime, analytics cookies coming under regulatory spotlight from various EU data protection authorities, and substantial fines issued for breaches of data protection law.

Regulations surrounding privacy and data continue to develop at a rapid pace. Emerging technologies have changed the manner in which personal data is collected and used. These technologies and developments present new challenges for companies and consumers alike. As a result, 2023 could be an exciting and a busy year for privacy and data.

We asked some of our Tech & Data team members in the field to get their opinions on what is likely to happen in privacy and data in 2023:Continue Reading EU and UK privacy and data predictions for 2023

The European Union’s Second Network and Information Systems Directive (“NIS2”) entered into force on 16 January 2023, and replaces the NIS 1 Directive.  NIS2 aims to “improve the resilience and incident response capacities of both the public and private sector and the EU as a whole”. In addition to the EU’s NIS2 update, the UK has also recently expanded its Network and Information Systems Regulations, and further details can be found in our blog here.  The revised directive aims to remove divergences in cybersecurity requirements and in implementation of cybersecurity measures in different member states. To achieve this, it sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each member state. It updates the list of sectors and activities subject to cybersecurity obligations, and provides for remedies and sanctions to ensure enforcement.Continue Reading NIS2 toughens up EU’s cyber security obligations

On 14 July 2022, the UK Information Commissioner’s Office (“ICO”) has launched a public consultation on its draft strategic three year plan, titled “ICO25”. The plan sets out a commitment to safeguard the information rights of the most vulnerable individuals with the aim of empowering people to confidently share their information to use today’s market products and services, with work particularly targeting:

  • children’s privacy;
  • AI-driven discrimination;
  • the use of algorithms within the benefits system; and
  • the impact of predatory marketing calls.

Continue Reading ICO25: ICO sets out its three year strategic plan

On 7 February 2022, the UK Information Commissioner’s Office (ICO) announced that it had launched a consultation on Chapter 3 of its draft guidance on anonymisation, pseudonymisation, and privacy enhancing technologies (PET).
Continue Reading ICO launches consultation on Chapter 3 of updated guidance on anonymisation, pseudonymisation and PET

Avid readers of this blog (and we trust there are many of you!) will recall that the UK government recently published a white paper. The white paper sets out the UK government’s approach to regulating the internet to tackle online harms. The Information Commissioner’s Office (ICO) has just published the Information Commissioner’s (Commissioner) full

Britain’s data protection and broadcasting regulators, the Information Commissioner’s Office and Ofcom, have published a joint Report looking into internet users’ concerns about online harms. The British government’s recently published White Paper, which outlined its approach for regulating the internet to tackle online harms, was informed by this Report.

Methodology

Over 3,000 interviews were

The UK government recently published its response (Government Response) to a House of Lords committee report (Committee Report) discussing prospective regulation of digital services facilitated by the internet.

The Government Response largely accepts the key recommendations of the Committee Report, and finds the Committee Report is closely aligned with the government’s

The UK Government has published a White Paper outlining its approach towards regulating the internet to tackle online harms.

The White Paper cites a study carried out by the UK’s communications regulator (Ofcom) and data protection regulator (Information Commissioner’s Office (ICO)). The study found that nearly one in four British adults suffered harm from either online content or their interactions online. Regulatory and voluntary initiatives currently dealing with online harms were identified by the UK Government as not going far enough or being inconsistently enforced.

Online harm

The White Paper broadly identified what would be considered an online harm. These include activities and content involving:

  • child sexual exploitation and abuse (CSEA)
  • terrorism
  • harassment
  • disinformation
  • encouragement of self-harm and/or suicide
  • online abuse of public figures
  • interference with legal proceedings
  • cyber-bullying
  • children accessing inappropriate content

Continue Reading Sense or censorship? UK government publishes White Paper on tackling online harms

The Council of Europe (CoE) recently issued its recommendation to member states on the protection of health-related data (Recommendation). The Recommendation guides member states to ensure that their law and practice reflect the principles of processing health-related data.

The recommendations stem from Convention 108 which was the first international treaty in the field of data protection. Like the General Data Protection Regulation 2016/679 (GDPR), Convention 108 sets out principles for processing health data, but contains fewer options than GDPR. The Recommendation’s principles related to health data align with GDPR, but in some cases provide more guidance about processing health-related data.

Some of the key recommendations on processing certain health-related data are below.Continue Reading Council of Europe issues recommendation on processing health-related data