Research participants must identify which data sets constitute personal data to ensure compliance with the GDPR. By Frances Stocks Allen and Mihail Krepchev The UK Medical Research Council (MRC) has published a useful guidance note on the identifiability, anonymisation, and pseudonymisation of personal data in the context of research activities (the Guidance). The Guidance reminds … Continue Reading
“Business as usual” for UK-EU data protection transition in 2020. By Gail E. Crawford and Susan Mann On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January 2020 (Withdrawal Agreement). The Withdrawal Agreement maintains the UK pre-Brexit position … Continue Reading
Despite progress, the online advertising industry and UK regulators are still at odds over the “legitimate interest” definition under the GDPR. By Olga Phillips and Elizabeth Purcell Following publication of the UK Information Commissioner’s Office’s (ICO’s) report on adtech and real time bidding in June 2019, the ICO has been working closely with the online … Continue Reading
UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. By Robert Blamires, Calum Docherty, Laura Holden, and Lucy Tucker The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real time bidding (RTB) (the ICO Report) provides a stark assessment of the adtech … Continue Reading
Following in the footsteps of the CNIL and the ICO, the Berlin DPA will impose a multimillion-euro fine for breach of the GDPR. By Tim Wybitul, Joachim Grittmann, Ulrich Wuermeling, Wolf-Tassilo Böhm, and Isabelle Brams The Berlin Data Protection Authority (Berlin DPA) recently announced that it will issue a multimillion-euro fine for breach of the … Continue Reading
Delicate balance required, as regulators and lobbyist warn of the risks of over-regulation while research indicates users seek greater protection. By Alain Traill Both the ICO and the outgoing Chief Executive of Ofcom have sounded a cautious note regarding the possible consequences of UK proposals to introduce a new regulatory regime intended to combat online … Continue Reading
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance. By Fiona M. Maclean, Laura Holden, and Grace E. Erskine The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO), published guidance on 3 July 2019 to provide greater clarity to organisations grappling with how the … Continue Reading
Online services have until 31 May to respond to 16 draft standards of age-appropriate design. By Fiona Maclean and Olga M. Phillips The ICO is required by s123 of the Data Protection Act 2018 to prepare a code of practice which contains guidance on standards of age-appropriate design of relevant information society services likely to … Continue Reading
