Data protection

Snapshot

How will GDPR affect the world of internet policy and systems of domain name registration?

18 December 2017

Data protection - ICANN/WHOIS and the GDPR

Read more
Snapshot

No ICO notifications but fees continue under GDPR

18 December 2017

The Information Commissioner’s Office (ICO) has provided guidance as to how its notificationand fee regime will change when the General Data Protection Regulation (GDPR) comes into force in May 2018.

Read more
Snapshot

ICO issues fines for emails asking customers to change marketing preferences

25 September 2017

The ICO has fined Moneysupermarket.com and Morrisons Supermarket a total of £90,500 for emails sent to customers who had previously opted out of marketing messages.

Read more
Snapshot

ICO fines Boomerang Video Ltd for failure to prevent cyber attack

25 September 2017

On 27 June 2017, the Information Commissioner's Office (ICO) fined Boomerang Video Ltd (Boomerang) £60,000 after an investigation found that the SME had failed to take basic steps to stop its website being attacked.

Read more
Snapshot

ICO publishes updated Subject Access Code of Practice

25 September 2017

How should data controllers respond to subject access requests (SARs)?

Read more
Snapshot

Data Protection Working Party adopts Opinion 2/2017 on data processing at work

25 September 2017

How do new technologies affect the balance between employers and employees in the debate over legitimate data monitoring interests vs the privacy expectations of individuals?

Read more
Snapshot

Government publishes the Data Protection Bill

25 September 2017

The UK government published the Data Protection Bill (Bill) on 14 September 2017. The Bill will replace the Data Protection Act 1998 (DPA) and transfer the General Data Protection Regulation (GDPR) into domestic law (with a few derogations, as discussed below). Post-Brexit, the Bill will continue to regulate data protection in the UK.

Read more
Snapshot

ICO revised code of practice for dealing with subject access requests

12 June 2017

The ICO has recently published a revised Code of Practice on subject access requests (SARs).

Read more
Snapshot

ICO guidance on consent under the GDPR – the latest

12 June 2017

The Information Commissioner’s Offce (ICO) ran a consultation on the draft guidance on consent under the General Data Protection Regulation (GDPR) this springtime.

Read more
Snapshot

The march of the SARs: Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74; and Ittihadieh v 5-11 Cheyne Gardens & Ors and Deer v Oxford University [2017] EWCA Civ 121

12 June 2017

When can legal professional privilege (LPP) be used to block a subject access request (SAR)? And when can the “disproportionate effort” exemption be used to block a SAR?

Read more
Snapshot

ICO issues fines for emails seeking consent to marketing

Published on 12 June 2017. By Adam Forster, Senior Associate

The ICO has fined Flybe and Honda a total of £83,000 for emails sent to customers to obtain consent to future marketing messages.

Read more
Snapshot

RSA: ICO issues £150,000 fine

20 March 2017

The ICO has fined Royal & Sun Alliance (RSA) £150,000 for losing the personal information of nearly 60,000 customers.

Read more
Snapshot

Data protection: “Post-Brexit” data transfers and privacy standards

20 March 2017

In February 2017, the UK Government published a white paper setting out its approach to the forthcoming negotiations on exiting the European Union, and its vision for a “post-Brexit” settlement.

Read more
Snapshot

Data protection - Supervisory authorities one-stop-shop: WP29 guidelines

20 March 2017

The final draft of the GDPR enables local regulators to deal with local issues which relate only to their territory.

Read more
Snapshot

Data protection officers WP29: guidelines

20 March 2017

When the GDPR comes into force in May 2018, it will be mandatory for certain data controllers and processors to designate a Data Protection Offcer (DPO).

Read more
Snapshot

Data protection - The right to data portability: WP29 guidelines

20 March 2017

WP29 has published guidelines on the interpretation and implementation of the right to data portability under Article 20 of the General Data Protection Regulation.

Read more
Snapshot

Data protection: the new ePrivacy Regulation

20 March 2017

The EU Commission has published its proposal for a new ePrivacy Regulation.

Read more
Snapshot

Nuisance calls

13 December 2016

From Spring 2017, directors can each be fined up to £500,000 by the Information Commissioner's Office (ICO) if their firms are found to be in breach of the Privacy and Electronic Communications Regulations (the Regulations) by making nuisance calls.

Read more
Snapshot

Investigatory Powers Act: Royal assent

13 December 2016

On 29 November 2016, the Queen gave royal assent to the Investigatory Powers Bill, marking the end of the controversial bill’s passage into law.

Read more
Snapshot

TalkTalk: how quickly must you notify a personal data breach?

13 December 2016

How quickly must you notify the ICO following notification of a personal data breach? And what lessons can be learned from the tight timescales currently imposed on communications providers as all businesses head towards 72 hour data breach notification under the GDPR?

Read more
Snapshot

TalkTalk: ICO issues record fine

13 December 2016

The ICO has issued a record £400,000 fine to TalkTalk for failing to keep personal data secure in breach of the Data Protection Act 1998 (DPA).

Read more
Snapshot

New ICO Code on Privacy Notices Transparency and Control

13 December 2016

The Information Commissioner’s Office (ICO) has recently issued a new Code of Practice on Privacy Notices, Transparency and Control (the Code).

Read more
Snapshot

Data protection: Bangura v Loughborough University [2016] EWCH 1503 (QB)

03 October 2016

Can an organisation’s breach of its data protection policy give rise to a claim under the Data Protection Act 1998 (the DPA) and/or a breach of contract claim?

Read more
Snapshot

Data protection: US privacy shield

03 October 2016

The EU published the draft text of the much-anticipated “Privacy Shield” deal on 29 February. This was amended following criticisms and the revised text was formally adopted by the European Commission on 12 July 2016. Companies have been able to certify with the US Department of Commerce since 1 August 2016.

Read more