Fox Rothschild LLP (JD Supra United Kingdom)
-
The Data Protection/Digital Identity Dilemma: ICO Weighs In On UK Proposal
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity. Key Points- •Given the nature and volume of the data it involves, any controller substantively involved in accommodating digital identity verification would need to carry out a Data Protection...
-
UK High Court Sets High Bar For Extraterritorial Application Of GDPR
The United Kingdom's High Court of Justice, in the case of Soriano, determined there was no real prospect of success on the merits in a case seeking extraterritorial applicability of the EU's General Data Protection Regulation to a U.S.- based publication that had a significant UK readership for certain of its posts...
-
UK ICO Issues Enforcement Notice To Experian: Ten Lessons For Data Brokers
The UK Information Commissioner's Office recently issued an enforcement notice against Experian under the General Data Protection Regulation (GDPR) in connection with its actions as a data broker related to direct marketing. Here are 10 key takeaways for data brokers and businesses in general:..
-
UK ICO Issues Enforcement Notice To Experian: Ten Lessons For Data Brokers
The UK Information Commissioner's Office recently issued an enforcement notice against Experian under the General Data Protection Regulation (GDPR) in connection with its actions as a data broker related to direct marketing. Here are 10 key takeaways for data brokers and businesses in general:..
-
LCIA Releases Update To Its Arbitration Rules
The London Court of Arbitration (LCIA) released 2020 update to its arbitration and mediation rules (the “Rules updates”), which comes into effect on October 1, 2020. The purpose of the update is to “aim to make the arbitral and mediation processes even more streamlined and clear for arbitrators, mediators and parties alike.” The Rules updates, among other things, address the increased use of...
-
UK ICO Offers Guidance On Back-To-Work Data Privacy Issues
The United Kingdom's Information Commissioners Office has issued guidance for employers on data protection issues related to the return to the workplace as part of the COVID-19 "new normal." General Principles- Legal Basis- •Testing for symptoms is processing of personal data and subject to the General Data Protection Regulation (GDPR)...
-
UK Information Commissioner’s Office On COVID-19 And GDPR
The United Kingdom’s Information Commissioner’s Office has provided it’s guidance on COVID-19 and data privacy. •Public health messages are not direct marketing. •It’s about being proportionate – if some data processing feels excessive, then it probably is...
-
Right Of Access Under GDPR: Draft Guidance From The UK ICO
The United Kingdom's Information Commissioner's Office has issued, for public consultation, draft guidance on the right of access under the General Data Protection Regulation (GDPR). Key takeaways: To Prepare for a Data Subject Access Request: Make information available about how individuals can make a Subject Access Request (SAR), for example, on your website, in leaflets and in your privacy...
-
UK ICO Provides Guidance On Processing Sensitive Information
The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways: Genetic Data- Genetic analysis that includes enough genetic markers to be unique to an individual is personal data and special category genetic data, even if you have removed other names or identifiers.
-
United Kingdom Issues Guidance On Law Enforcement Use Of Facial Recognition
The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement. Key takeaways: The use of Live Facial Recognition (LFR) involves processing of personal data and therefore data protection law applies.
-
How To Count To 30: UK ICO Sets Timeline For Responding To Data Subject Requests
Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests.
-
Life, Libra And The Pursuit Of Data Protection
The UK Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure.
-
UK Data Protection Agency Issues New Guidelines for Data Sharing
The United Kingdom’s Information Commissioners Office (ICO) has issued, for public consultation, draft guidelines for data sharing that—once adopted —will govern all controller-to-controller data sharing agreements which are subject to the UK Data Protection Act (this means UK companies as well as companies that provide products and services to individuals in the UK).
-
Which Cookies Are ‘Strictly Necessary?’ The UK’s Information Commissioner’s Office Provides Guidance
Strict is for cookie, that’s good enough for me. The United Kingdom’s Information Commissioner’s Office highlights “strictly necessary” cookies: Strictly necessary cookies are cookies which are essential, not just nice to have: l.for the provision of the service, and not for other functions that you would like.
-
CNIL, ICO Offer Differing Approaches To Analytics Cookies
Analytics cookies in the crossfire. Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance. CNIL – Set list of terms to qualify for an exemption from the need to obtain consent.
-
ICO Data Sharing Code: Controller-Controller Data Sharing Agreement Checklist
Checklist for drafting your controller-controller data sharing agreement (from the ICO Data Sharing Code of Conduct now out for public consultation): What is the purpose of the data sharing initiative?
-
Sharing Data? Key Questions To Ask According To The ICO’s Draft Guidelines
Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct): What is the sharing meant to achieve?
-
UK Information Commissioner’s Office Reports On Data Privacy Concerns With Adtech/Real Time Bidding
The UK’s ICO has issued a report on data protection in the adtech process of real time bidding (RTB). RTB relies on the potential advertiser seeing information about you.
-
UK Information Commissioner: Organizations Must Be Accountable For Data Security Under GDPR
“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham. Denham said companies must understand the risks that they create for others with their data processing, and mitigate those risks.
-
Spam, Spam, Spam: Pension Company Fined For Unsolicited Emails
Beware the unsolicited email. UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.
-
UK Data Protection Authority Advises Doctors On Patient Requests For Access To Health Information
Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice. Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, which is a similar trend in other sectors.
-
ICO Sweep Shows Companies Need Work On ‘Technical And Organisational Measures’
“It is important that organizations have appropriate technical and organisational measures in place. This includes having clear data protection policies, taking a ‘data protection by design and default’ approach and continuing to review and monitor performance and adherence to data protection rules and regulations” – says Adam Stevens, Head of Intelligence at the UK Information Commissioner’s...
-
What Qualifies As Personal Data Under GDPR? UK Information Commissioner’s Office Issues Expanded Guidance
The UK Information Commissioner’s Office (ICO) has issued expanded guidance on “Personal Data” under the EU General Data Protection Regulation (GDPR). Here are the highlights: - Pseudonymization does not change the status of the data as personal data.
-
Use Privacy Shield? Prepare To Amend Your Privacy Notice To Account For Brexit
IF Brexit AND Privacy Shield THEN (amend privacy notice). If you use the EU U.S. Privacy Shield mechanism to transfer Personal Data from the UK to the U.S., you will need to amend your privacy disclosure to state specifically that the commitment extends to personal data received from the UK in reliance on Privacy Shield – say new FAQs on the Privacy Shield website.
-
UK ICO Issues Guidance On Data Protection Impact Assessments
A Data Protection Impact Assessment (DPIA) is a process, required by the EU General Data Protection Regulation (GDPR), to help identify and minimize the data protection risks of a project.
-
GDPR Guidance: Data Controllers Are Responsible For Processors’ Competency
The UK Information Commissioner’s Office (ICO) has issued a new guidance on the liabilities of Controllers and Processors, advising that the Controller is responsible for assessing that its Processor is competent to process personal data in line with GDPR’s requirements.
-
The ICO Speaks: New Guidance On Contracts, Data Controllers And Processors
The UK Information Commissioner’s Office (ICO) has issued several new guidance documents on Data Controllers, Data Processors and the interaction among them.
-
UK Information Commissioner Offers Insight Into GDPR Enforcement Approach
For your GDPR compliance: Have a plan. Try your best. Embrace privacy. UK Information Commissioner Elizabeth Denham spoke recently in New Zealand about data breaches and the state of the EU General Data Protection Regulation (GDPR) after six months.
-
Sotheby’s London Sells Portrait Of An Old Women As Authentic Rubens And Fetches 20 Times The Original Hammer
In March 2016, a US auction gallery sold an Old Master oil painting (a sketch of an old woman) for $27,000. The sale price was nearly double the high auction estimate of 15,000. However, when the same painting was recently sold by Sotheby’s London in a July 2017 sale as an authentic Peter Paul Rubens, it achieved a hammer of £416,750 (close to $550,000 USD), which is nearly 20 times the original