The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK government introduced the Data Protection and Digital Information Bill (the Bill) to Parliament on 18 July 2022, following the publication … Continue Reading
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current UK data protection regime (consisting primarily of the UK … Continue Reading
UK government sets out ambitious proposal for reforming the UK data protection landscape. By Gail E. Crawford, Ian Felstead, Fiona M. Maclean, Irina Vasile, Timothy Neo, and Amy Smyth On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new direction” (the Consultation), setting out … Continue Reading
Update confirms the introduction of an active “duty of care” and a dedicated regulator, as part of a comprehensive new online regulatory regime. By Alain Traill, Rachael Astin, Gail E. Crawford, and Patrick Mitchell Following a wave of commentary from industry, the social sector, and other organisations, on 11 February 2020 the UK government set … Continue Reading
Despite progress, the online advertising industry and UK regulators are still at odds over the “legitimate interest” definition under the GDPR. By Olga Phillips and Elizabeth Purcell Following publication of the UK Information Commissioner’s Office’s (ICO’s) report on adtech and real time bidding in June 2019, the ICO has been working closely with the online … Continue Reading
UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. By Robert Blamires, Calum Docherty, Laura Holden, and Lucy Tucker The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real time bidding (RTB) (the ICO Report) provides a stark assessment of the adtech … Continue Reading
The proposals would grant consumers increasing rights to require providers to share access to their data directly with chosen third parties. By Alain Traill and Gail Crawford The UK government has released a consultation advocating the introduction of sweeping new requirements for service providers to share both consumer data (upon request) and data regarding their own … Continue Reading
The ICO issued notices of intent to fine British Airways and Marriott. What happened? By Gail Crawford, Fiona Maclean, Hayley Pizzey, and Calum Docherty On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about US$230 million) for violating the General Data Protection Regulation … Continue Reading
UK publishes White Paper with hard-hitting regulatory proposals to tackle online harms. By Alain Traill, Stuart Davis, Andrew Moyle, Deborah Kirk and Gail Crawford On 8 April 2019, the Home Office and the Department for Culture, Media and Sport (DCMS) published an “Online Harms White Paper”, proposing a new compliance and enforcement regime intended to … Continue Reading
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. By Fiona M. Maclean and Jane Bentham Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data Protection Board (EDPB) has published two information notes on data transfers in the event … Continue Reading
Understanding the practical implications of a “No Deal” Brexit (as compared to an exit under an approved Withdrawal Agreement) following last week’s vote against the current withdrawal proposal. By Gail E. Crawford and Jane Bentham “No Deal” Brexit Unless the UK can agree on a deal with the EU that meets the approval of the … Continue Reading
The English High Court has declared that UK legislation which expanded government powers to require communication providers to retain communication traffic data is incompatible with human rights, and is unlawful. The legislation is seen by the government as a key power to ensure that such data is accessible by law enforcement and security services to … Continue Reading
