ICO issues £200k fine for unsolicited text messages without valid consent

The Information Commissioner’s Office (ICO) has issued a £200,000 fine to Tax Return Limited (“TRL”) for sending out 14.8m unsolicited marketing text messages (which generated 2146 complaints). The Privacy and Electronic Communications Regulation 2003 (PECR) only permit the sending of marketing emails or text messages if the recipient consents to receiving the messages or is a …

Read moreICO issues £200k fine for unsolicited text messages without valid consent

Which? highlights retailers breaching data protection and privacy laws with their e-receipts

marketing and e-receipts

Research from consumer rights guardian Which? has highlighted the data protection dangers of e-receipts and that some retailers are in breach of data protection and privacy rules when it comes to using them to direct market. Which? sent mystery shoppers to various high street brands and asked to receive e-receipts but with no marketing. However, …

Read moreWhich? highlights retailers breaching data protection and privacy laws with their e-receipts

ICO publishes detailed guidance on the controller-processor relationship

controller processor responsibilities GDPR

Back in September 2017 the ICO published some draft guidance for consultation setting out their views on how to interpret Chapter IV (including Article 28) of the GDPR. Chapter IV of the GDPR sets out responsibilities of Data Controllers and Data Processors. Whilst the general responsibility of a Data Controller is to apply the data …

Read moreICO publishes detailed guidance on the controller-processor relationship

ICO issues fines to organisations who failed to pay the new data protection fee

ICO fines for not paying fee

This week the ICO fined a number of organisations for failure to pay the new data protection fee. The new fee structure came into place on 25 May 2018 when the Data Protection (Charges and Information) Regulations 2018 came into force, changing the way the ICO funds its data protection work. The new Regulations require all …

Read moreICO issues fines to organisations who failed to pay the new data protection fee

What your business can learn from the ICO investigation of Uber

ico fines uber data breach

The ICO have published the conclusions of their investigation into Uber, who, back in 2016 suffered a data breach affecting around 2.7 million UK customers and 82,000 drivers. The ICO have issued a fine of £385,000 to Uber for what it sees as “avoidable data security flaws” allowing unauthorised access to the data and failings …

Read moreWhat your business can learn from the ICO investigation of Uber

What the draft Brexit agreement means for data protection

brexit and data protection

In case you missed it, the Cabinet in Westminster has “agreed” Theresa May’s draft Brexit Agreement for moving the UK out the EU next year. Whilst the media continue to dissect the agreement and whether the Cabinet really does “back” the proposals, and discussions continue about the impact it has on the Northern Ireland border, …

Read moreWhat the draft Brexit agreement means for data protection

EU Blockchain Forum publish “Blockchain and the GDPR” paper

Blockchain and GDPR

The EU Blockchain Forum, an EU forum set up to ” accelerate blockchain innovation and the development of the blockchain ecosystem within the EU, and so help cement Europe’s position as a global leader in this transformative new technology”, has just published a “thematic report” on how blockchain technology fits with the principles and laws of …

Read moreEU Blockchain Forum publish “Blockchain and the GDPR” paper

ICO reports to parliament on data protection and politics and calls for code of practice

politics and data

It was back in May 2017 when the ICO first started looking at the use of “big data” within politics, when it formally announced it will be opening a formal investigation into the use of data for political purposes on the back of the Cambridge Analytica/Facebook scandal. Since then the ICO has investigated and taken …

Read moreICO reports to parliament on data protection and politics and calls for code of practice

What the Morrison’s case tells us about data breach liability

data protection law cases

This week the supermarket Morrisons lost its case at the Court of Appeal over the 2017 judgement that it has “vicarious liability” over a data breach in 2014. The data breach was caused by a disgruntled employee who leaked employee’s payroll information on the internet back in 2014. The employee in question is now serving …

Read moreWhat the Morrison’s case tells us about data breach liability

New research shows 58% of adults worried about data and privacy online

data privacy security harm

The research, produced jointly by the Information Commissioner’s Office (ICO) and Ofcom, the telecoms regulator looked at various aspects of perceived harm online, with data and privacy being just one element of the research (other areas include risks from harmful content and children coming to harm online). The findings indicate that 58% of adults in …

Read moreNew research shows 58% of adults worried about data and privacy online