On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.
Continue Reading
United Kingdom
EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs
Posted on
At its plenary meeting today in Brussels, the European Data Protection Board adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.…
Continue Reading
ICO Releases Discussion Paper on Regulatory Sandbox Beta Phase
Posted on
On January 30, 2019, the UK Information Commissioner’s Office released a discussion paper on the upcoming beta phase of its regulatory sandbox initiative.…
Continue Reading
Elizabeth Denham, UK Information Commissioner Receives Queen’s Honor
Posted on
The UK Information Commissioner’s Office recently announced that Elizabeth Denham, UK Information Commissioner, was awarded a CBE for her services to protecting information. The Centre for Information Policy Leadership would like to congratulate Elizabeth Denham on this honor and all of her achievements.…
Continue Reading
UK House of Commons Rejects Draft Brexit Withdrawal Agreement
Posted on
On January 15, 2019, the UK House of Commons rejected the draft Brexit Withdrawal Agreement negotiated between the UK Prime Minister and the EU, and the UK ICO recently published guidance for businesses regarding the consequences of a UK exit without a deal remains relevant. This blog entry provides highlights on the guidance. …
Continue Reading
Austrian DPA Issues Decision on Validity of Cookie Consent Solution
Posted on
On November 30, 2018, the Austrian Data Protection Authority published a decision in response to a complaint received from an individual regarding the cookie consent options offered on an Austrian newspaper’s website.…
Continue Reading
Irish DPC Issues Preliminary Guidance on Data Transfers in the Event of a “No Deal” Brexit
Posted on
On December 21, 2018, the Irish Data Protection Commission published preliminary guidance on data transfers to and from the UK in the event of a “no deal” Brexit.…
Continue Reading
CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach
Posted on
On December 20, 2018, the CNIL announced that it imposed a fine of €400,000 on Uber France SAS for failure to implement some basic security measures which resulted in the 2016 Uber data breach.…
Continue Reading
Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data
Posted on
Posted in European Union, International
On December 20, 2018, the Department of Commerce updated its frequently asked questions on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019. The FAQs provide information on the steps Privacy Shield participants must take to receive personal data from the UK in reliance on the Privacy Shield after such time. …
Continue Reading
ICO Notifies More Than 900 Organizations of Failure to Pay Required Data Protection Fee
Posted on
Posted in European Union, International
In the UK, the Information Commissioner’s Office introduced a requirement for organizations to pay a “data protection fee,” which data controllers falling under the ICO’s scope must pay once a year. We highlight details of the fee in this blog entry.…
Continue Reading