Fox Rothschild LLP (JD Supra United Kingdom)

The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity. Key Points- •Given the nature and volume of the data it involves, any controller substantively involved in accommodating digital identity verification would need to carry out a Data Protection...

The United Kingdom's High Court of Justice, in the case of Soriano, determined there was no real prospect of success on the merits in a case seeking extraterritorial applicability of the EU's General Data Protection Regulation to a U.S.- based publication that had a significant UK readership for certain of its posts...

The UK Information Commissioner's Office recently issued an enforcement notice against Experian under the General Data Protection Regulation (GDPR) in connection with its actions as a data broker related to direct marketing. Here are 10 key takeaways for data brokers and businesses in general:..

The UK Information Commissioner's Office recently issued an enforcement notice against Experian under the General Data Protection Regulation (GDPR) in connection with its actions as a data broker related to direct marketing. Here are 10 key takeaways for data brokers and businesses in general:..

The London Court of Arbitration (LCIA) released 2020 update to its arbitration and mediation rules (the “Rules updates”), which comes into effect on October 1, 2020. The purpose of the update is to “aim to make the arbitral and mediation processes even more streamlined and clear for arbitrators, mediators and parties alike.” The Rules updates, among other things, address the increased use of...

The United Kingdom's Information Commissioners Office has issued guidance for employers on data protection issues related to the return to the workplace as part of the COVID-19 "new normal." General Principles- Legal Basis- •Testing for symptoms is processing of personal data and subject to the General Data Protection Regulation (GDPR)...

The United Kingdom’s Information Commissioner’s Office has provided it’s guidance on COVID-19 and data privacy. •Public health messages are not direct marketing. •It’s about being proportionate – if some data processing feels excessive, then it probably is...

The United Kingdom's Information Commissioner's Office has issued, for public consultation, draft guidance on the right of access under the General Data Protection Regulation (GDPR). Key takeaways: To Prepare for a Data Subject Access Request: Make information available about how individuals can make a Subject Access Request (SAR), for example, on your website, in leaflets and in your privacy...

The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways: Genetic Data- Genetic analysis that includes enough genetic markers to be unique to an individual is personal data and special category genetic data, even if you have removed other names or identifiers.

The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement. Key takeaways: The use of Live Facial Recognition (LFR) involves processing of personal data and therefore data protection law applies.

Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests.

The UK Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure.

The United Kingdom’s Information Commissioners Office (ICO) has issued, for public consultation, draft guidelines for data sharing that—once adopted —will govern all controller-to-controller data sharing agreements which are subject to the UK Data Protection Act (this means UK companies as well as companies that provide products and services to individuals in the UK).

Strict is for cookie, that’s good enough for me. The United Kingdom’s Information Commissioner’s Office highlights “strictly necessary” cookies: Strictly necessary cookies are cookies which are essential, not just nice to have: l.for the provision of the service, and not for other functions that you would like.

Analytics cookies in the crossfire. Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance. CNIL – Set list of terms to qualify for an exemption from the need to obtain consent.

Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct): What is the sharing meant to achieve?

Checklist for drafting your controller-controller data sharing agreement (from the ICO Data Sharing Code of Conduct now out for public consultation): What is the purpose of the data sharing initiative?

The UK’s ICO has issued a report on data protection in the adtech process of real time bidding (RTB). RTB relies on the potential advertiser seeing information about you.

“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham. Denham said companies must understand the risks that they create for others with their data processing, and mitigate those risks.

Beware the unsolicited email. UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.

Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice. Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, which is a similar trend in other sectors.

“It is important that organizations have appropriate technical and organisational measures in place. This includes having clear data protection policies, taking a ‘data protection by design and default’ approach and continuing to review and monitor performance and adherence to data protection rules and regulations” – says Adam Stevens, Head of Intelligence at the UK Information Commissioner’s...

The UK Information Commissioner’s Office (ICO) has issued expanded guidance on “Personal Data” under the EU General Data Protection Regulation (GDPR). Here are the highlights: - Pseudonymization does not change the status of the data as personal data.

IF Brexit AND Privacy Shield THEN (amend privacy notice). If you use the EU U.S. Privacy Shield mechanism to transfer Personal Data from the UK to the U.S., you will need to amend your privacy disclosure to state specifically that the commitment extends to personal data received from the UK in reliance on Privacy Shield – say new FAQs on the Privacy Shield website.

A Data Protection Impact Assessment (DPIA) is a process, required by the EU General Data Protection Regulation (GDPR), to help identify and minimize the data protection risks of a project.

The UK Information Commissioner’s Office (ICO) has issued a new guidance on the liabilities of Controllers and Processors, advising that the Controller is responsible for assessing that its Processor is competent to process personal data in line with GDPR’s requirements.

The UK Information Commissioner’s Office (ICO) has issued several new guidance documents on Data Controllers, Data Processors and the interaction among them.

For your GDPR compliance: Have a plan. Try your best. Embrace privacy. UK Information Commissioner Elizabeth Denham spoke recently in New Zealand about data breaches and the state of the EU General Data Protection Regulation (GDPR) after six months.

In March 2016, a US auction gallery sold an Old Master oil painting (a sketch of an old woman) for $27,000. The sale price was nearly double the high auction estimate of 15,000. However, when the same painting was recently sold by Sotheby’s London in a July 2017 sale as an authentic Peter Paul Rubens, it achieved a hammer of £416,750 (close to $550,000 USD), which is nearly 20 times the original