Author

Benjamin Slinn

Happy Data Protection Day! 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective, and we look ahead to what to expect for 2021. You can jump to specific country…

There have been a number of EU and UK developments affecting transfers of personal data. We summarise the key ones below and set out some practical steps to take in light of these developments. Any organisation which transfers personal data to or from the EU27 will need to work out what changes are required to address these new developments. We won’t have full clarity until the European Commission and EDPB finalise their current drafts but…

The UK data protection regulator, the Information Commissioner’s Office, has issued three significant monetary penalties over recent months focusing on cyber security issues. The most recent enforcement was a monetary penalty of £1.25 million on Ticketmaster in connection with an incident which occurred between February 2018 and June 2018 (although the enforcement only relates to the period after 25 May 2018 when the GDPR came into force). In the ICO’s view there was a failure…

The UK data protection regulator, the Information Commissioner’s Office, has issued a monetary penalty of £20m on British Airways in connection with a cyber-attack which took place in 2018. In the ICO’s view there was a failure to process personal data in a manner that ensured appropriate security, as required under Articles 5(1)(f) and 32 of the GDPR. The incident commenced with a “supply chain attack” where BA’s network was accessed by an attacker…

Questions continue to arise over the interplay of the second Payment Services Directive (PSD2) with the General Data Protection Regulation (GDPR). Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is “consent” required to access payment data and what does consent mean? To this…

The ICO, together with The Alan Turing Institute, recently published its finalised guidance on explaining decisions made with AI, following a public consultation which closed in January this year. Who should read this? The guidance is relevant for any organisation using, or thinking of using, AI to support or make decisions about individuals (including if you are procuring an AI system from a third party). It will be of particular use for DPOs, and legal…

On 8 June 2020 the UK Government published its response to the Department for Digital, Culture, Media and Sport (“DCMS”) Select Committee’s report on Immersive and Addictive Technologies (“Report”). The response sets out the Government’s next steps regarding issues identified in the Report, which will be relevant for companies in the video games sector as well as those involved with immersive technologies. This could result in increased regulation in certain areas. For example, the outcome…

Brian Hengesbaugh is joined by Ben Slinn (Associate, London) and Brandon Moseberry (Partner, Chicago) to discuss developments around children’s data in the United Kingdom and United States. Tune in to hear: Overview of the final version of the UK ICO’s Age-Appropriate Design Code of Practice for Online Services; Things companies should do now to address the new code; General guidelines to follow in the US in regards to children’s data. https://open.spotify.com/episode/2qsEEttIZxAZmcsXWg7Ka6 Related Resources: UK ICO Age Appropriate…

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

The final version of the ICO’s Age Appropriate Design Code was published earlier this year. It needs to be approved by Parliament, and there will then be a 12 month period before it comes into force. The ICO expects the Code to be in force by autumn 2021. Although this may sound like a long time away, to comply with the Code existing services will need to be reviewed and where necessary updated, and changes to design…