Author

Joanna De Fonseka

Browsing

So far, much of the discussion surrounding last week’s Court of Justice of the European Union “Schrems II” decision has focused on the implications for personal data transfers to the United States or other non-European countries, but its impact will be felt in the UK, as well, and add a further layer of complexity for companies preparing for Dec. 31, when the Brexit transition period will end. The key question at this stage is whether…

The ICO, together with The Alan Turing Institute, recently published its finalised guidance on explaining decisions made with AI, following a public consultation which closed in January this year. Who should read this? The guidance is relevant for any organisation using, or thinking of using, AI to support or make decisions about individuals (including if you are procuring an AI system from a third party).It will be of particular use for DPOs, and legal…

The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

On 4 May 2020 the European Data Protection Board (“EDPB”) adopted updated guidelines on consent under the GDPR (the “New Guidelines”). The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the “2018 Guidelines”), and subsequently endorsed by the EDPB. The New Guidelines clarify the EDPB’s position on two specific issues: Cookie Walls – consent is not valid if access to a…

Joanna de Fonseka, a senior associate in Baker McKenzie’s London office, joins host Brian Hengesbaugh to discuss the use of contact tracing apps in the United Kingdom. Download and listen to learn: Takeaways from the recent guidance from the ICO on contact tracing appsKey privacy considerations as the use of contact tracing apps becomes a reality in the midst of the COVID-19 pandemicDevelopments at the EU level regarding contact tracing apps and mobility data https://open.spotify.com/episode/0jtEkAQeYjZKdZkKp0ewGX…

In the weeks and months ahead, contact tracing technologies will play a critical role in the societal fight against COVID-19, and the quest to restore order. A number of recent developments both in the European Union and the United Kingdom offer insight on the regulatory expectations in the widespread use of location data for this new health policy purpose. In this post, we summarise key points from the following UK and EU regulatory guidance, which…

On 15 April 2020 the ICO published a statement on its regulatory approach during the coronavirus pandemic. Recognising that operational and financial pressures caused by the coronavirus may impact organisations’ ability to fully comply with aspects of data protection laws, the ICO has stated it intends to apply an empathetic, “flexible and pragmatic” approach in its enforcement of data protection laws during the crisis, as well as any enforcement under the Freedom of Information Act…

With a changing digital landscape and emerging data driven technologies, the rules of the Directive on Privacy and Electronic Communications (Directive 2002/58/EC) are in need of updating. The proposed E-Privacy Regulation was intended to address new legal challenges and complement the General Data Protection Regulation (GDPR) in relation to privacy in electronic communications. The first draft of the E-Privacy Regulation was presented in January 2017, with the aim that it would be passed quickly and would apply from May…

On March 2, 2020, the Information Commissioner’s Office (ICO) issued a lead generator, CRDNN Limited (CRDNN), with a maximum £500,000 fine under the Privacy and Electronic Communications Regulations 2003 (PECR) for making more than 193 million automated nuisance calls.  The full monetary penalty notice can be viewed here. What happened? CRDNN first came to the ICO’s attention due to a significant number of complaints from subscribers regarding large volumes of unsolicited marketing calls marketing a number of…