Author

Benjamin Slinn

Browsing

Questions continue to arise over the interplay of the second Payment Services Directive (PSD2) with the General Data Protection Regulation (GDPR). Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is “consent” required to access payment data and what does consent mean? To this…

The ICO, together with The Alan Turing Institute, recently published its finalised guidance on explaining decisions made with AI, following a public consultation which closed in January this year. Who should read this? The guidance is relevant for any organisation using, or thinking of using, AI to support or make decisions about individuals (including if you are procuring an AI system from a third party).It will be of particular use for DPOs, and legal…

On 8 June 2020 the UK Government published its response to the Department for Digital, Culture, Media and Sport (“DCMS”) Select Committee’s report on Immersive and Addictive Technologies (“Report”). The response sets out the Government’s next steps regarding issues identified in the Report, which will be relevant for companies in the video games sector as well as those involved with immersive technologies. This could result in increased regulation in certain areas. For example, the outcome…

Brian Hengesbaugh is joined by Ben Slinn (Associate, London) and Brandon Moseberry (Partner, Chicago) to discuss developments around Children’s data in the United Kingdom and United States. Tune in to hear: Overview of the final version of the UK ICO’s Age-Appropriate Design Code of Practice for Online ServicesThings companies should do now to address the new codeGeneral guidelines to follow in the US in regards to children’s data https://open.spotify.com/episode/2qsEEttIZxAZmcsXWg7Ka6 Related Resources UK ICO Age Appropriate…

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

The final version of the ICO’s Age Appropriate Design Code was published earlier this year. It needs to be approved by Parliament, and there will then be a 12 month period before it comes into force. The ICO expects the Code to be in force by autumn 2021. Although this may sound like a long time away, to comply with the Code existing services will need to be reviewed and where necessary updated, and changes to design…

On 4 May 2020 the European Data Protection Board (“EDPB”) adopted updated guidelines on consent under the GDPR (the “New Guidelines”). The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the “2018 Guidelines”), and subsequently endorsed by the EDPB. The New Guidelines clarify the EDPB’s position on two specific issues: Cookie Walls – consent is not valid if access to a…

In the weeks and months ahead, contact tracing technologies will play a critical role in the societal fight against COVID-19, and the quest to restore order. A number of recent developments both in the European Union and the United Kingdom offer insight on the regulatory expectations in the widespread use of location data for this new health policy purpose. In this post, we summarise key points from the following UK and EU regulatory guidance, which…

On 15 April 2020 the ICO published a statement on its regulatory approach during the coronavirus pandemic. Recognising that operational and financial pressures caused by the coronavirus may impact organisations’ ability to fully comply with aspects of data protection laws, the ICO has stated it intends to apply an empathetic, “flexible and pragmatic” approach in its enforcement of data protection laws during the crisis, as well as any enforcement under the Freedom of Information Act…

The European Commission has published a Recommendation for use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile apps and use of anonymised mobility data. What does the Recommendation cover? The Recommendation establishes a process for developing a common approach (Toolbox) to use digital measures to address the COVID-19 crisis.  The Toolbox will include practical measures for making effective use of technology and data, focusing on a: Pan-European…