Tag

United Kingdom

Browsing

The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act. Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by…

The MHRA has issued guidance on managing access to electronic personal health data processed during clinical trials. Clinical trials sponsors, via clinical research associates (CRAs) or monitors, verify and oversee the data collected and analysed during clinical trials (Source Data Verification). They review medical records to ensure this matches the data collected by the sponsor. The guidance addresses the challenges posed to patient confidentiality by electronic health records (EHRs) during this review process. The guidance…

A new report provides a bold roadmap for the NHS to maximise the impact of its health data. The report, titled NHS data: Maximising its impact on the health and wealth of the United Kingdom, advocates for the UK government to take action now, before the UK is leapfrogged by other countries in health innovation. The report (available here) is from Imperial College London’s Institute of Global Health Innovation. The report examines some of the…

On February 19, 2020 the ICO published its draft guidance on the AI auditing framework for public consultation, which is open until April 1, 2020. We have summarised the key themes below. What is the draft guidance? The draft guidance, which runs to over 100 pages, provides advice and recommendations on how to understand data protection law in relation to artificial intelligence. It clarifies how to assess the data protection risks posed by AI and…

In this edition of the Data Protection Download, Benjamin Slinn and Zelander Gray cover the latest UK and Europe-wide updates in data protection. Topics covered in this month’s update include: Brexit ICO’s new age appropriate design code European Data Protection Board guidelines on connected vehiclesEDPB Guidance on processing personal data through video devices Met Police use of live facial recognition EUR 27.8 million fine imposed by Italian SAAviva v Oliver: Breach of confidence Click here…

The ICO has published its final Age Appropriate Design Code of Practice for Online Services, following a public consultation last year. The code sets out 15 standards applicable to certain online services aimed at or likely to be accessed by children, requiring the “best interests” of the child to be the primary driver of product and service design. Who should read this? Anyone that designs or develops online services will need to consider whether the…

A few days ago the Government published its Initial Response to the public consultation on the Online Harms White Paper (April 2019). The Online Harms White Paper sets out the intention of the government to improve protections for users online through the introduction of a new duty of care. The subsequent 12 week consultation period received over 2400 responses from a range of stakeholders. This response provides an overview of these responses and the government’s…

After January 31, 2020 the UK ceases to be a Member State of the European Union and, under the terms of the Withdrawal Agreement agreed between the UK and the EU-27, a transition period applies until December 31, 2020. From a data protection perspective, this has a number of implications. We have summarised the key points below, including what happens after the UK leaves the EU on January 31, the implications for international data transfers,…

On January 8, 2020 the ICO published its draft Direct Marketing Code of Practice for public consultation, which is open until 4 March 2020. We are summarized the status of the draft code, the key areas which are new compared to the ICO’s current direct marketing guidance, and the next steps. What is the draft code and its status? The Information Commissioner is required to publish a statutory direct marketing code under the Data Protection…