The EU General Data Protection Regulation (GDPR) came into effect on 25 May 2018. It became one of the leading pieces of legislation in the world to offer the highest levels of protection to the personal data of individuals. Many countries followed suit to raise the bar in how organisations handle personal data. The trend … Continue Reading
What is new? During the ICO’s Data Protection Practitioners’ Conference 2021 today, the ICO revealed that it is working on new Standard Contractual Clauses (SCCs) to facilitate transfers of personal data outside the UK. The ICO’s consultation on the new UK SCCs will take place this summer. This is a separate process to the new … Continue Reading
On the 14th of April 2021, the European Data Protection Board (EDPB) adopted two opinions on the European Commission’s draft adequacy decision for the transfers of personal data from the EU to the UK. The EDPB assessed the alignment of the UK Data Protection Act to the GDPR and to the Law Enforcement Directive, and … Continue Reading
The European Commission published a draft decision on UK adequacy for transfers of personal data from the EU to the UK, which you can read here. This EC conducted an assessment of the UK’s GDPR framework under the UK Data Protection Act 2018, including data protection rules applicable to UK law enforcement and national security … Continue Reading
The UK’s supervisory authority, the Information Commissioner’s Office (ICO), published a new data sharing code of practice (Code), available here, which addresses the requirements for data sharing under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). Once approved by Parliament, the Code will become a statutory code of practice. … Continue Reading
After a long period of negotiation, the United Kingdom (UK) and the European Union (EU) have reached a deal on the sharing of personal data, only a few days before the end of the Brexit transition period. The agreed trade deal allows for the continued free flow of personal data from the EU to the … Continue Reading
With the end of the Brexit transition period quickly approaching on 31 December 2020, the future of international data transfers between the UK and the European Union (EU) and European Economic Area (EEA) remains somewhat unclear. As background, Article 44 of the General Data Protection Regulation (GDPR) prohibits the transfer of personal data from the … Continue Reading
Earlier this year, the Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online services (Code). The consultation closed on 31 May 2019 but the ICO has recently released an update on its progress in producing the Code. The finalised Code will be informed … Continue Reading
The UK Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online products and services provided by information society services (ISS). The consultation closes on 31 May 2019. The draft code sets out principles for any online service accessed by children under the age … Continue Reading
Article 23 of the General Data Protection Regulation (GDPR) allows EU Member States to restrict the scope of data subjects’ GDPR rights and organisations’ GDPR obligations. The Irish data protection authority, the Data Protection Commission (DPC), released guidelines (Guidelines) on GDPR Article 23 on 19 June 2018. The Irish Data Protection Act 2018 (the Act) … Continue Reading
On 7 June 2018, the UK government published a technical note detailing options for future UK-EU cooperation on data protection, post-Brexit. The technical note is part of a series of papers produced by the UK Brexit negotiation team for discussion with the EU, in order to assist with the development of future EU-UK relations. The … Continue Reading
On 6 February 2018, the Article 29 Working Party (WP29) adopted revised guidelines on binding corporate rules (BCRs). These were issued following a period of public consultation that concluded on 17 January 2018. Technology Law Dispatch previously covered the issuing of the draft guidelines last December, in a blog setting out the key elements of … Continue Reading
On 20 February 2018, The Data Protection (Charges and Information) Regulations 2018 (the Regulations) were laid before the UK parliament. The Regulations affect what businesses have to pay when registering their data protection arrangements with the Information Commissioner’s Office (ICO). On 21 February 2018, the ICO issued a guide for data controllers about the proposed … Continue Reading
The UK’s Information Commissioner’s Office (‘ICO’) has published what appears to be its first public enforcement notice based upon “the right to be forgotten” against Google Inc. The “right to be forgotten” was introduced by the ECJ last year when it held that data subjects have a right to compel search engines to remove results … Continue Reading
On 23 June, the UK government introduced a new online cyber security training course designed to assist the procurement profession to stay safe online. After a recent government survey found that half of the worst breaches were caused by human error, the government aims to increase awareness and help organisations reduce risk. The course, freely … Continue Reading
This post was written by Cynthia O’Donoghue and James Wilkinson. The ICAEW has partnered with a task force, including the Law Society, the London Stock Exchange, the Takeover Panel and the Confederation of British Industry, to publish a guide on ‘Cyber-Security in Corporate Finance’ for 2014. Please click here to read the issued Client Alert. … Continue Reading
Back in 2011, the Cabinet Office launched a cyber security strategy outlining steps the UK Government would take to tackle cyber crime by 2015. The National Cyber Security Programme invested £650 million funding to support the strategy ‘Protecting and Promoting the UK in a digital world’. Measures proposed by the strategy included: Reviewing existing legislation, … Continue Reading
The UK Data Protection Watchdog, the Information Commissioner’s Office (ICO), has launched a public consultation on their future governance strategy, the ‘2020 Vision for Information Rights’. The ICO is being challenged by significant changes in the regulatory landscape triggered by imminent reform of EU data protection law. Simultaneously, the UK regulator is facing cutbacks in … Continue Reading
This post was written by Cynthia O’Donoghue. An action against the California-based Internet giant, Google, was recently brought in the English courts. The individuals, supported by the campaign group known as Safari Users Against Google’s Secret Tracking, claim that the search engine provider bypassed the security settings on their Apple iPhones and Mac computers in … Continue Reading
This post was also written by Nick Tyler. The UK Minister responsible for government policy on data protection has raised concerns about any proposed “radical rewrite” of the EU Data Protection Directive. Kenneth Clarke, Lord Chancellor and Secretary of State for Justice, called for both flexibility and a common-sense solution to modernising data protection law. He … Continue Reading
This post was written by Nick Tyler. With two weeks to go until implementation of an EU-wide amendment to the law on cookies and consent, the UK’s data protection regulator, the ICO, has issued initial guidance on compliance. It proposes three actions that organisations can take to mitigate their potential exposure to enforcement action in the … Continue Reading
