On June 20, 2017, the UK Information Commissioner’s Office published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests. The revisions more closely align the ICO’s position with the court’s judgments.… Continue Reading
With just under one year to go before the EU General Data Protection Regulation becomes law across the European Union, the UK Information Commissioner’s Office has continued its efforts to help businesses prepare for the new law, including by issuing updated guidance and its Information Rights Strategic Plan 2017-2021. The ICO also has taken steps to address its own role post-Brexit.… Continue Reading
Recently, the UK Information Commissioner’s Office published draft guidance regarding the consent requirements of the EU General Data Protection Regulation that sets forth how the ICO interprets the GDPR’s consent requirements, and its recommended approach to compliance and good practice. … Continue Reading
On February 13, 2017, the Parliament of Australia passed legislation that amends the Privacy Act of 1988 and requires companies with revenue over 3 million AUD (2.3 million USD) to notify affected Australian residents and the Australian Information Commissioner in the event of an "eligible data breach."… Continue Reading
On January 31, 2017, the Times of London reported that UK Prime Minister Theresa May plans to invoke Article 50 of the Treaty on European Union at the beginning of March, meaning that formal Brexit negotiations with the EU could begin thereafter.… Continue Reading
On November 21, 2016, against the backdrop of the EU General Data Protection Regulation and Brexit, UK Information Commissioner Elizabeth Denham delivered a keynote speech reiterating the government’s position that the GDPR will be implemented in the UK.… Continue Reading
On October 24, 2016, the UK Secretary of State for Culture, Media and Sport confirmed that the UK will implement the EU General Data Protection Regulation (“GDPR”) by May 2018. The UK Information Commissioner, Elizabeth Denham, has officially welcomed this confirmation and said that the UK must stay on top of the continuing digital economy … Continue Reading
On October 20, 2016, the Centre for Information Policy Leadership hosted a side workshop at the International Conference of Data Protection & Privacy Commissioners focused on transparency and risk assessment, entitled “The Role of Risk Assessment and Transparency in Enabling Organizational Accountability in the Digital Economy.”… Continue Reading
On October 13, 2016, Elizabeth Denham, the UK Information Commissioner, suggested at a House of Commons Public Bill Committee meeting that directors of companies who violate data protection laws should be personally liable to pay fines.… Continue Reading
On August 30, 2016, the First-tier Tribunal (Information Rights) (the “Tribunal”) dismissed an appeal from UK telecoms company TalkTalk Telecom Group PLC (“TalkTalk”) regarding a monetary penalty notice issued to it on February 17, 2016, by the UK Information Commissioner’s Office (“ICO”). The ICO had issued the monetary penalty notice to TalkTalk, for the amount … Continue Reading
On June 28, 2016, the UK Information Commissioner's Office released its Annual Report for 2015 - 2016. This blog post provides a summary of the report.… Continue Reading
On June 23, 2016, the UK held a referendum to decide upon its continued membership in the European Union. The outcome has resulted in the decision for the UK to withdraw its membership from the European Union. Despite the result, data protection standards are unlikely to be affected.… Continue Reading
On May 24, 2016, the UK Information Commissioner’s Office published priorities for preparing for the EU General Data Protection Regulation.… Continue Reading
On April 27, 2016, the UK House of Commons Culture, Media and Sport Select Committee confirmed Elizabeth Denham’s appointment as Information Commissioner. Denham, currently the Privacy and Information Commissioner for British Columbia, Canada, was announced as the UK Government’s preferred choice on March 22, 2016.… Continue Reading
On March 22, 2016, the UK government confirmed Elizabeth Denham as its preferred candidate to replace Christopher Graham as Information Commissioner.… Continue Reading
On March 14, 2016, the UK’s Information Commissioner’s Office published a guide, “Preparing for the General Data Protection Regulation (GDPR) – 12 Steps to Take Now.” The guide sets out a number of points that should inform organizations’ data privacy and governance programs ahead of the anticipated mid-2018 entry into force of the GDPR. … Continue Reading
On October 27, 2015, David Smith, the UK Deputy Commissioner of the Information Commissioner’s Office, published a blog post commenting on the ongoing Safe Harbor compliance debate in light of the Schrems v. Facebook decision of the Court of Justice of the European Union.… Continue Reading
On September 25, 2015, the UK Information Commissioner’s Office issued a fine of 200,000 pounds to Home Energy and Lifestyle Management Ltd. for making a large number of automated marketing calls in violation of the UK’s direct marketing laws. … Continue Reading
On October 6, 2015, the Court of Justice of the European Union issued its judgment in the Schrems v. Facebook case that empowers the national data protection authorities to investigate and suspend international data transfers, and concludes that the Safe Harbor Decision is invalid. … Continue Reading
On September 17, 2015, Prime Minister David Cameron issued a Written Ministerial Statement, announcing that policy responsibility for data protection issues and the UK Information Commissioner’s Office (the “ICO”) will both be transferred from the Ministry of Justice (the “MoJ”) to the Department for Culture, Media & Sport, (the “DCMS”) with the changes taking effect … Continue Reading
On September 2, 2015, the Information Commissioner’s Office announced an investigation into the data sharing practices of charities in the United Kingdom. The announcement follows the publication of an article in a UK newspaper highlighting the data sharing and marketing practices of certain charities.… Continue Reading
On July 28, 2015, the UK Supreme Court announced its decision to grant permission in part for Google to appeal the England and Wales Court of Appeal’s decision in Google Inc. v Vidal-Hall and Others. … Continue Reading
On May 11, 2015, the French Data Protection Authority announced that it will participate, along with 28 other data protection authorities in the Global Privacy Enforcement Network, in a joint online audit to assess whether websites directed toward children comply with global privacy laws.… Continue Reading
On April 10, 2015, the UK Information Commissioner's Office published a summary of the feedback received from its July 2014 report on big data and data protection. This blog entry provides key highlights set forth in the summary.… Continue Reading
