Free tools and resources for Data Protection Officers!

Tag Archives for " UK "

New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data

This form of international data-sharing could put Americans’ privacy at risk and expose citizens to potential Fourth Amendment abuses, critics say. The possible agreement stems from the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, for which Justice Department officials have lobbied since 2016 and which President Donald Trump signed into law in March.

Full article: New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data, Human Rights Groups Warn

DP Impact Assessments: EDPB Differs Slightly from ICO Position

The European Data Protection Board (EDPB) has recently published its Opinion on the (United Kingdom) Information Commissioner’s list of processing activities which would require a Data Protection Impact Assessment under the GDPR.

In its Opinion, the EDPB appears to be moving away from the idea that processing of genetic or loca­tion data, on its own, might be enough to trigger the mandatory DPIA requirements of the GDPR. This news will perhaps come as a relief to organi­sations currently struggling to come to grips with the “new” DPIA process and the resources and time that it demands. But, should we be surprised by the EDPB’s Opinion and will it have a significant impact in practice on the way organisations consider and conduct DPIAs?

Full article: DP Impact Assessments: EDPB Differs Slightly from ICO Position

Brexit and data protection – what’s new now?

EU leaders have signed off the withdrawal agreement between the UK and the EU, as well as the political declaration on the framework for the future relationship between the UK and the EU. The political declaration is an outline of what a future EU-UK trade agreement might look like. But the trade agreement has yet to be negotiated and that process won’t start until the UK has left the EU on 29th March 2019. If negotiations are quick (and successful) then the intention is that the future trade agreement between the EU and the UK would come into force at the end of the transition period (31st December 2020, but the transition period could be extended).

Full article: Brexit and data protection – what’s new now?

Companies ‘can sack workers for refusing to use fingerprint scanners’

Fair Work Commission rejects case by Queensland sawmill worker who said scanning system was a breach of his privacy Businesses using fingerprint scanners to monitor their workforce can legally sack employees who refuse to hand over biometric information on privacy grounds, the Fair Work Commission has ruled.

Full article: Companies ‘can sack workers for refusing to use fingerprint scanners’

Parliament seizes cache of Facebook internal papers

British parliament has used its legal powers to seize internal Facebook documents in an extraordinary attempt to hold the US social media giant to account after chief executive Mark Zuckerberg repeatedly refused to answer MPs’ questions.

The seizure is the latest move in a bitter battle between the British parliament and the social media giant. The struggle to hold Facebook to account has raised concerns about limits of British authority over international companies that now play a key role in the democratic process.

Full article: Parliament seizes cache of Facebook internal papers | Technology | The Guardian

Uber fined more than $1 million by U.K. and Dutch authorities

Uber was fined a combined $1.17 million by British and Dutch authorities Tuesday for a 2016 data breach that exposed the personal details of millions of customers. The penalties come from the U.K.’s Information Commissioner’s Office and the Dutch Data Protection Authority.

Source: Uber fined more than $1 million by U.K. and Dutch authorities

Uber fined £385,000 for data breach affecting millions of passengers

Uber’s European operation has been fined £385,000 for a data breach that affected almost 3 million British users, the Information Commissioner’s Office has announced.

In November 2016, attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users worldwide. The records included passengers’ full names, phone numbers, email addresses, and the location where they had signed up.

Source: Uber fined £385,000 for data breach affecting millions of passengers

Timescale set for data protection ‘adequacy’ decision after Brexit

On Wednesday evening, the UK government and European Commission announced that the UK and EU27 countries had reached a draft agreement on the terms of the UK’s withdrawal from the EU. That draft agreement, which is still to be ratified by the UK parliament and EU27 member states, was published alongside a number of other documents, including an outline of the political declaration on the future EU-UK relationship.

According to the political declaration, the Commission will assess UK data protection standards on the basis of the EU’s “adequacy framework” with a view to adopting an “adequacy” decision by the end of 2020. Over the same period, the UK will take steps to ensure comparable facilitation of personal data flows to the Union.

Full article: BREXIT: timescale set for data protection ‘adequacy’ decision

UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

UK Information Commissioner’s Office (“ICO”) issued a warning to the U.S.-based The Washington Post over its approach to obtaining consent for cookies to access the service. The Washington Post presents readers with option of free access to a limited number of articles dependent on consent to the use of cookies and tracking for the delivery of personalized ads. To avoid a third party ad tracking (and advertising), a higher fee premium subscription should be choosed.

ICO concluded that since The Washington Post has not offered a free alternative to accepting cookies, consent cannot be freely given and the newspaper is in contravention of Article 7(4) of the EU General Data Protection Regulation (“GDPR”).

Source: UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from EU

The draft Withdrawal Agreement at Article 71(2) implies an adequacy assessment by the European Commission could happen in future (this is expected before the end of the transition period in December 2019), but first the UK has to leave the EU and then the Commission has to follow the rules in Article 45 of the GDPR.

This means that the Commission has to involve the European Data Protection Board (EDPB) as part of the adequacy determination process so it won’t be a quick process. However, UK may not get an assessment of adequacy at all.

Full article: Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from European Union

1 2 3 30
>