fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " UK "

UK Publishes Proposed Regulation for IoT Device Security

The United Kingdom’s Department for Digital, Culture, Media and Sport is consulting on regulatory proposals regarding consumer Internet of Things (“IoT”) security.

The regulatory proposals envisage the introduction of a new IoT security label that will evidence connected devices conforming with the top three security requirements set out in the voluntary Code of Practice for Consumer Internet of Things Security

Source: UK Publishes Proposed Regulation for IoT Device Security

Big Tech condemn GCHQ proposal to listen in on encrypted chats

An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.

GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications — on what’s billed as targeted, government authorized basis.

If implemented, it will undermine the authentication process, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. Users won’t be able to trust that their communications are secure, thereby posing threats to fundamental human rights, including privacy and free expression.

Source: Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats | TechCrunch

Prince Harry beat paparazzi using GDPR

Prince Harry won a legal dispute with Splash News, a photo agency which used a helicopter to take pictures inside his home.

It is worth noting that legal dispute did not involve a trial, so the issues were never argued in court. Although Splash apologized to Harry in the court statement, it did not admit specific wrongdoing, and could have argued that it did not in fact breach GDPR. It chose to settle instead.

Source: Prince Harry beat paparazzi using GDPR law, new royal weapon vs. media – Business Insider

Only 0.25% of reported data breach cases fined under GDPR

Data requested by digi.me shows that of 11,468 data breach cases closed by the Information Commissioner’s Office (ICO) since GDPR’s implementation, only 29 have resulted in financial penalties. That makes a penalty rate of just 0.25 per cent.

The data also revealed that 37,798 data protection concerns have been raised by members of the public since 25 May 2018. This figure is nearly three times the number of actual data breach cases investigated by the ICO during this same period (12,854).

Source: Digi.me investigation reveals only 0.25pc of reported data breach cases fined under GDPR – digi.me

Data transfers as the Brexit clock counts down

Many business owners have spoken of their concern for the impact a “no deal” Brexit could have on personal data transfers between the EU and the UK.

However, some experts say that any adverse fallouts can be easily managed by the use of model clauses for data protection agreements.

Full article: Data transfers as the Brexit clock counts down

ICO’s draft Age Appropriate Design Code could seriously impact child data processing

On 15 April 2019, the ICO opened a public consultation on a draft code of practice titled Age Appropriate Design. The Code will remain open for public consultation until 31 May 2019.

The consultation document is described as a “code of practice for online services likely to be accessed by children.” However, its potential impact is in fact wider, and is perhaps better described as applying to all online services that are not demonstrably unlikely to be accessed by children, which it controversially defines as individuals under 18.

Full article: ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

ICO launches the ‘Be Data Aware’ campaign

The UK’s Information Commissioner’s Office (ICO) is launching the ‘Be Data Aware’ campaign to help the general public understand how organisations use their data.

The ‘Be Data Aware’ campaign helps people understand how organisations might be using their data to target them online, as well as informing people on how they can control it.

Source: ICO launches the ‘Be Data Aware’ campaign

UK tax authority deletes non-consensually obtained voice files

The UK tax authority is deleting the voice records of five million taxpayers, because the data was not collected in compliance with General Data Protection Regulation standards.

Under the EU’s data laws which came into being in May of last year, organisations are not allowed to harvest or use the personal and private data of data subjects, without going through the proper channels of consent.

Source: HMRC deletes non-consensually obtained voice files

The future of the ePrivacy Regulation and the impact of Brexit on its application in UK

The European Parliament set out its position on the Regulation in October 2017. However, the Council of the EU, which is made up of ministers of the Member States, has not yet come to a position on the legislation.

The Regulation cannot be adopted until the Council of the EU has come to a position and the Council of the EU and the European Parliament have agreed on a text. It is likely that any adoption of the Regulation will not take place before 2020.

Full article: The future of the ePrivacy Regulation and the impact of Brexit on its application in UK – Privacy, Security and Information Law Fieldfisher

New laws should strengthen security across Internet of Things

New laws may soon be passed to improve the security of IoT gadgets, in the wake of an increasing number of hacking incidents taking place on favourite consumer devices.

New legislation designed to shore up protection may force such items to have their own unique password that users would have to key in before the gadgets can be activated.

The new laws, which have been launched by Digital Minister, Margot James, would also oblige manufacturers to install a new labelling system on IoT products to clearly inform consumers of the product’s safety levels.

Source: New laws should strengthen security across Internet of Things

>