What the draft Brexit agreement means for data protection

brexit and data protection

In case you missed it, the Cabinet in Westminster has “agreed” Theresa May’s draft Brexit Agreement for moving the UK out the EU next year. Whilst the media continue to dissect the agreement and whether the Cabinet really does “back” the proposals, and discussions continue about the impact it has on the Northern Ireland border, the economy, what it will mean to business, etc… it’s also worth pointing out the the agreement also includes some bits about data protection compliance […]

EU Blockchain Forum publish “Blockchain and the GDPR” paper

Blockchain and GDPR

The EU Blockchain Forum, an EU forum set up to ” accelerate blockchain innovation and the development of the blockchain ecosystem within the EU, and so help cement Europe’s position as a global leader in this transformative new technology”, has just published a “thematic report” on how blockchain technology fits with the principles and laws of the General Data Protection Regulation (GDPR). If you’re wondering what blockchain is then the report provides a helpful summary (in its appendices) but essentially it’s […]

ICO reports to parliament on data protection and politics and calls for code of practice

politics and data

It was back in May 2017 when the ICO first started looking at the use of “big data” within politics, when it formally announced it will be opening a formal investigation into the use of data for political purposes on the back of the Cambridge Analytica/Facebook scandal. Since then the ICO has investigated and taken action against a number of high profile organisations including Facebook (fined £500m last month) and SCL (the company behind Cambridge Analytica). And this week, the […]

What the Morrison’s case tells us about data breach liability

data protection law cases

This week the supermarket Morrisons lost its case at the Court of Appeal over the 2017 judgement that it has “vicarious liability” over a data breach in 2014. The data breach was caused by a disgruntled employee who leaked employee’s payroll information on the internet back in 2014. The employee in question is now serving a prison sentence and whilst Morrisons were able to demonstrate they were not the cause of the breach (i.e. they had appropriate security in place, […]

New research shows 58% of adults worried about data and privacy online

data privacy security harm

The research, produced jointly by the Information Commissioner’s Office (ICO) and Ofcom, the telecoms regulator looked at various aspects of perceived harm online, with data and privacy being just one element of the research (other areas include risks from harmful content and children coming to harm online). The findings indicate that 58% of adults in the UK are concerned about data and/or privacy online, with fraud or identify theft being the main threat of concern; 54% were concerned about hacking […]

ICO urges better transparency as trust in companies processing data rises slightly

ico report trust confidence data protection

In its annual review on the state of data protection awareness and trust, the ICO’s Annual Track highlights a small increase in trust of companies and organisations processing their data. The research highlights that 34% of people have high trust and confidence, compared to 21% in 2017. However, people seem to be more likely to trust public bodies than private businesses with their data (which is slightly contrary to Edelman Trust Barometer findings (although not specifically looking at data processing)). The full […]

ICO 2017-18 Annual Report: Data protection complaints and breach reports up

ICO annual report increase

  The Information Commissioner’s Office has published their 2017-2018 Annual Report (covering the 12 months leading up to 31st March 2018) highlighting an increase in activities and some challenging activities. The report is the ICO’s annual report to parliament as required by the Data Protection Act 1998. Bearing in mind that it covers the year in the lead up to the GDPR deadline (25th May) and so doesn’t cover any impact (initial or long term), it still presents some interesting […]

EU and Japan agree data protection adequacy

Japan EU Adequacy

  This week the EU and Japan have agreed to recognise each others data protection regulations as “adequate” meaning that once the formalities are completed (later this year), Japan will be added to the list of non-EU countries who have adequate data protection regimes. The GDPR and the Data Protection Directive before it, puts in place restrictions on the transfer of personal data outside the EU. Transfer only being allowed when the country where the data will be processed: Has […]

DCMS consults on data protection fee exemptions


The Department for Culture, Media and Sport (DCMS) has published a consultation on exemptions under the Data Protection Act 2018 from paying a registration fee to the ICO. Under the old Data Protection Act 1998 there were obligations to notify the ICO if you process data, unless an exemption applied. Under the GDPR, which the new (2018) Act implements there are no such conditions for registration, but the new Data Protection (Charges and Information) Regulations, which came into force on […]

Is this the end of US Privacy Shield?

EU-US Privacy Shield

Last week the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) called on the EU Commission to suspend the EU-US Privacy Shield agreement, saying Privacy Shield doesn’t provide enough protection for EU citizens’ data. What’s Privacy Shield? Privacy Shield was adopted in 2016, replacing the previous agreement (Safe Harbor) which had been determined in 2015, to be inadequate in meeting EU standards of data protection. In essence the Privacy Shield provides the grounds by which US businesses can […]