Information Commissioners Office

On April 9, 2021, the First-Tier Tribunal of the General Regulatory Chamber stayed proceedings in Ticketmaster UK Limited’s (“Ticketmaster’s”) appeal against a fine issued by the UK Information Commissioner’s Office (“ICO”) until 28 days after a judgment in civil litigation brought by 795 customers against Ticketmaster. The group action, which relates to the breach for which Ticketmaster was fined by the ICO, is currently before the High Court in England. As a result of the stay in proceedings, the appeal likely will not be heard before the Tribunal until mid to late 2023.

Continue Reading Ticketmaster Appeal of ICO Fine Stayed by UK Tribunal Until 2023

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its comments on the Irish Data Protection Commissioner’s draft guidance on the safeguarding of the personal data of children when providing online services.
Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

The Secretary of State for Digital, Culture, Media & Sport has signed a Memorandum of Understanding with the UK Information Commissioner’s Office in relation to new UK adequacy assessments following the UK’s departure from the European Union. The Memorandum of Understanding sets out how DCMS and third countries will negotiate adequacy decisions, referred to under the Memorandum of Understanding as “adequacy regulations”.
Continue Reading UK Government and ICO Agree on Procedure for Future Adequacy Decisions

On January 19, 2021, the UK Information Commissioner’s Office published its analysis of the application of the UK General Data Protection Regulation to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. Securities and Exchange Commission.
Continue Reading ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers

On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement. For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws. For the time being, personal data can continue to be exported from the EU to the UK without implementing additional safeguards.
Continue Reading EU-UK Trade Deal: What It Means For Post-Brexit Data Flows

On December 2, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport’s UK National Data Strategy consultation. In its response, CIPL highlights several considerations for DCMS when further developing and implementing its NDS.
Continue Reading CIPL Submits Response to UK DCMS’ National Data Strategy Consultation

On November 10, 2020, Hunton Andrews Kurth will host a webinar examining the data protection considerations that arise on the UK’s departure from the EU. The UK’s Brexit transition period ends on December 31, 2020, and it is not clear whether the EU will formally recognize the UK’s data protection regime as ‘adequate.’ What does this mean for companies’ plans to update their data transfer mechanisms? Is adequacy the holy grail it is widely believed to be? What other issues must be considered? Is there still time?

Continue Reading Webinar on Brexit and Adequacy: Separating Fact from Fiction

On October 22, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport (“DCMS”) call for views and evidence on its review of representative actions under Section 189 of the Data Protection Act 2018 (“DPA”). Section 189 requires the UK government to review the operation of the representative action provisions of the DPA and provide a report to Parliament by November 25, 2020.

Continue Reading CIPL Submits Response to DCMS Consultation on Representative Actions