Free tools and resources for Data Protection Officers!

Tag Archives for " UK "

ICO publishes update report on adtech

For several months ICO has been reviewing how personal data is used in real time bidding (RTB) in programmatic advertising, engaging with key stakeholders directly to understand the views and concerns of those involved.

As a result of research, ICO published Update report into adtech and real time bidding which summarises findings so far. If you operate in the adtech space, it’s time to look at what you’re doing now, and to assess how you use personal data.

Source: Blog: ICO Adtech update report published following industry engagement | ICO

ICO admits its own cookie policy is non-compliant with GDPR

The Information Commissioners Office has admitted that its current consent notice relating to the use of cookies on devices failed “to meet the required GDPR standard”.

The issue relates to the automatic placing of cookies on a user’s mobile device when accessing the ICO’s website, which one complaint argued was in breach of the Privacy and Electronic Communications Regulations 2003, which sits alongside GDPR.

Source: ICO admits its own cookie policy is non-compliant with GDPR | IT PRO

UK’s DPA Publishes Report on Impact of GDPR

On 30 May 2019, the United Kingdom’s data protection authority – Information Commissionner’s Office (ICO) – released a report, “GDPR: One Year On”, discussing the impact of the GDPR and its associated learnings after one year following its implementation.

Report provides valuable insight into the enforcement practices, EU-wide cooperation, support functions, innovative practices and further growth plans of the ICO.

Source: ICO Publishes Report on Impact of GDPR

Civil liberties group challenges ‘Bulk hacking’ by UK spy agencies

“Bulk hacking” powers exploited by the intelligence services to access electronic devices represent an illegal intrusion into the private lives of millions of people, the high court has been told.

In its latest challenge to the 2016 Investigatory Powers Act (IPA), the civil rights organisation Liberty has argued that government surveillance practices breach human rights law.

Source: ‘Bulk hacking’ by UK spy agencies is illegal, high court told

How did UK’s Government decide that the immigration exemption was in “the general public interest”?

The immigration exemption in Schedule 2 (paragraph 4) of the Data Protection Act 2018 (DPA2018) has always been controversial; it is subject to a judicial review by the High Court, in London, on July 23 & 24.

The controversy arises because an exemption that was not needed by the immigration authorities under the DPA1984, nor under the DPA1998, has nothing to do with crime, tax, any compulsory court order, any mandatory disclosure requirement or national security issue.

Full article: Judicial review: how did the Government decide that the immigration exemption was in “the general public interest”?

UK Publishes Proposed Regulation for IoT Device Security

The United Kingdom’s Department for Digital, Culture, Media and Sport is consulting on regulatory proposals regarding consumer Internet of Things (“IoT”) security.

The regulatory proposals envisage the introduction of a new IoT security label that will evidence connected devices conforming with the top three security requirements set out in the voluntary Code of Practice for Consumer Internet of Things Security

Source: UK Publishes Proposed Regulation for IoT Device Security

Big Tech condemn GCHQ proposal to listen in on encrypted chats

An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.

GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications — on what’s billed as targeted, government authorized basis.

If implemented, it will undermine the authentication process, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. Users won’t be able to trust that their communications are secure, thereby posing threats to fundamental human rights, including privacy and free expression.

Source: Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats | TechCrunch

Prince Harry beat paparazzi using GDPR

Prince Harry won a legal dispute with Splash News, a photo agency which used a helicopter to take pictures inside his home.

It is worth noting that legal dispute did not involve a trial, so the issues were never argued in court. Although Splash apologized to Harry in the court statement, it did not admit specific wrongdoing, and could have argued that it did not in fact breach GDPR. It chose to settle instead.

Source: Prince Harry beat paparazzi using GDPR law, new royal weapon vs. media – Business Insider

Only 0.25% of reported data breach cases fined under GDPR

Data requested by digi.me shows that of 11,468 data breach cases closed by the Information Commissioner’s Office (ICO) since GDPR’s implementation, only 29 have resulted in financial penalties. That makes a penalty rate of just 0.25 per cent.

The data also revealed that 37,798 data protection concerns have been raised by members of the public since 25 May 2018. This figure is nearly three times the number of actual data breach cases investigated by the ICO during this same period (12,854).

Source: Digi.me investigation reveals only 0.25pc of reported data breach cases fined under GDPR – digi.me

Data transfers as the Brexit clock counts down

Many business owners have spoken of their concern for the impact a “no deal” Brexit could have on personal data transfers between the EU and the UK.

However, some experts say that any adverse fallouts can be easily managed by the use of model clauses for data protection agreements.

Full article: Data transfers as the Brexit clock counts down

1 2 3 38