Subscribe to UK RSS Feed

The Brexit Transition Period: Are You Ready?

With the end of the Brexit transition period fast approaching, we have examined the potential impact on data privacy compliance in the UK and the EU/EEA and prepared a guide which provides practical advice on how to prepare to ensure that your organization is in the best position possible to deal with the outcome of … Continue Reading

ICO and Australian Information Commissioner Team-up to Investigate Clearview AI, Inc. Facial Recognition Tool and Data Scraping

Last week (9th July), the ICO announced that it would join forces with the Office of the Australian Information Commissioner (OAIC) to investigate the use of personal information, including biometric data, by Clearview AI, Inc. (Clearview). Limited information is available so far, but given the focus of the investigation, this is an important step in … Continue Reading

The UK Government and the Information Commissioner Provide Guidance on the Collection of Contact-Tracing Information by Hospitality & Leisure Businesses

As businesses in the hospitality and leisure industries are permitted to re-open in England, the Government is asking them to keep a temporary record of their customers and visitors, in order to support NHS Test and Trace.  This information will be requested by NHS Test and Trace in the event that someone who has tested … Continue Reading

COVID-19: Key Privacy Concerns Raised by the UK’s “Back-to-Work” COVID-19 Safety Measures

As businesses in the UK begin to re-open, as the lockdown lifts, they must ensure that they have effective measures in place to combat the spread of the virus within their workplace. This may include physical measures, such as the use of personal protective equipment and restructuring the office or site to enable social distancing. … Continue Reading

A Timely Reminder: Maintain Data Security in the Face of the Pandemic

The ongoing Coronavirus pandemic and related Government guidance, requiring social distancing and individuals to work from home where possible, has resulted in many organisations rapidly having to adapt the way in which they operate. Despite the unprecedented challenges that will need to be faced over the coming weeks, including in many cases significantly reduced resources … Continue Reading

The UK Government Sets Out How it Will Use Data During the Pandemic

Recently, the ICO published a statement about the use of mobile phone tracking during the COVID-19 crisis. The statement provided that generalised location data, where properly anonymised and aggregated, does not fall under the remit of data protection laws. In addition to this statement, the government has now set out further information on how it … Continue Reading

Morrisons Data Breach – Revisiting the “Rogue Employee” Question

As reported last week in our sister blog, Employment Law Worldview, the UK Supreme Court in a landmark decision has reversed the earlier decision of the Court of Appeal, finding that Morrisons is not vicariously liable for the actions of a disgruntled employee who unlawfully disclosed personal data belonging to nearly 100,000 colleagues.… Continue Reading

Further Update from ICO on COVID-19 and Individuals

The ICO has updated its own blog with more helpful information, this time for individuals who may be worried about the increased processing of their own personal data and sensitive information, in light of the ongoing COVID-19 crisis. Of interest to businesses and employers, is the recognition that whilst employees might think requests for information … Continue Reading

Update – ICO Issues Guidance on Data Protection and Coronavirus (COVID-19)

Further to our earlier blog on the data protection aspects of responding to COVID-19, we note that the ICO have now issued guidance on the matter, answering some of the key questions for organisations, businesses and employers. This is helpful guidance, issued under a statement aimed at public bodies and health practitioners, (so could easily … Continue Reading

Data Protection Issues Raised by Guidance and Efforts to Prevent the Spread of COVID-19

As government agencies and businesses attempt to deal with the ramifications of Covid-19, the potential impact on privacy rights should not be overlooked.  Certain measures that are under consideration to help combat the threat of the Covid-19 virus raise a number of questions about the practical impact of current guidance and efforts to prevent the … Continue Reading

PCI Data Security Standard Compliance Falling: What Could it Cost You?

Is compliance with payment card data security standards being ignored? In a world where data breach scrutiny and sanctions have increased dramatically, compliance with payment card security standards have fallen. Sam Tibbetts has drafted a post on our sister blog, Global IP & Technology Law, detailing the Payment Card Industry Data Security Standard, why businesses … Continue Reading

ICO Consults on the Processing of Criminal Convictions Personal Data

The ICO has recently launched a call for views on criminal convictions and offences data, or related security measures, under Article 10 of the GDPR. It is specifically consulting on market practice and understanding in this area. The Legal Framework The legal framework surrounding the collection and use of criminal convictions data is complex and … Continue Reading

ICO Wants to Hear Your Views on the Design of its New Accountability Toolkit

In an October 28, 2019 blog post, Director for Regulatory Assurance, Ian Hulme, announced that the UK Information Commissioner’s Office (“ICO”) is developing a new ‘accountability toolkit’ which it plans to launch next year. The aim of the toolkit will be to support organisations in demonstrating their compliance with the ‘accountability principle’ under the GDPR[1]. … Continue Reading

UK Ministry of Justice Announces Changes Regarding Privacy and Data Protection Claims

This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that … Continue Reading

Cookie Guidance from the UK ICO

Many websites rely on implied consent to set cookies notwithstanding the fact that website cookies require the same opt-in consent as marketing emails.  The UK Information Commissioner’s Office (ICO) has made it clear in its new guidance that “opt-in”’ consent must be obtained to set non-essential cookies, such as analytics cookies. Our team has published … Continue Reading

Are DPOs the Best Solution?

On 30 April, Squire Patton Boggs and the Digital Policy Alliance held an event entitled “Data Governance Under the GDPR: Are DPOs the Best Solution?” The aim of the session was to explore different approaches to the management of tasks involved in data governance, data protection and compliance, and the advantages and disadvantages of having … Continue Reading

Have You Paid Your Data Protection Fee?

The ICO has issued a penalty notice to over 100 organisations for failing to pay their data protection fee. Failing to pay this fee due to an innocent mistake may not be accepted as a viable excuse, as demonstrated by the recent judgement in Farrow & Ball Limited v The Information Commissioner (Dismissed) [2019] UKFTT … Continue Reading

How Might a No-Deal Brexit Impact Your Organisation’s Data Protection Obligations?

The UK Parliament has today, 15th January 2019, rejected the Government’s Brexit withdrawal agreement with the EU. This turn of events, which was widely anticipated, increases the prospect of a no deal Brexit, i.e. a break-up without a divorce settlement. According to law, the UK will leave the EU on 29th March 2019 with no … Continue Reading

The ICO’s New Year’s Resolutions

The ICO has published a draft Regulatory Action Policy (“Policy”) on 28 June 2018 available here, supplementing its Information Rights Strategic Plan for 2017-2021 (here) and International Strategy for 2017-2021 (here). This Policy provides an overview of how and to what extent the ICO will use its newly expanded regulatory enforcement powers provided by the … Continue Reading

The Impact of Data Protection on Children

Many readers may be reading this blog when a notification from their fitness tracker pops up instructing them to stand up. Children are now beginning to wear trackable devices too. These devices are connected to the internet and may process a child’s personal data. Many children have and use social media accounts and there is … Continue Reading