Did you think the ePrivacy Regulation was dead? Think again

eprivacy regulation back

Back in the months leading upto GDPRmaggedon there was talk of a new ePrivacy Regulation that would replace PECR in the UK and streamline cookie and electronic marketing rules (along with some other stuff) and that this would come into force at the same time of GDPR, making a tidy transition to a new GDPR …

Read moreDid you think the ePrivacy Regulation was dead? Think again

ICO publishes new guidance on special category data

GDPR special category data

The ICO have published new guidance on the the processing of special category data. Special category data is data considered to be more sensitive and therefore requiring extra protection. This includes data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (when used for ID purposes), …

Read moreICO publishes new guidance on special category data

Third EU review of Privacy Shield confirms continued adequacy

EU US Privacy Shield

The EU-US Privacy Shield decision was adopted in 2016. It protects the personal data rights of EU citizens when their data is processed by US organisations that have signed up to the scheme. This is one of the ways that data can flow outside the EU to the US (the other being via standard contract clauses) …

Read moreThird EU review of Privacy Shield confirms continued adequacy

Latvian “ICO” issues €7k fine for right of erasure failing

right of erasure fine Latvia

The Latvian Data Protection Authority (the Data State Inspectorate of Latvia (DSI)) has issued a fine of €7000 to an online retailer for non-conformity with a data subjects “right to erasure” and not co-operating with the DSI. The individuals’ right to erasure (or right to be forgotten) allows a data subject to request that any …

Read moreLatvian “ICO” issues €7k fine for right of erasure failing

Court says use of facial recognition by South Wales Police lawful

police use of facial recognition

A case brought by an individual, who argued his human right to privacy had been breached along with data protection law, by South Wales Police use of automated facial recognition, has been thrown out by the High Court stating that the Police had followed the rules and their use of facial recognition technology was lawful. …

Read moreCourt says use of facial recognition by South Wales Police lawful

Will facial recognition ever be legal?

data protection facial recognition

In August, the Swedish data protection authority (i.e. the Swedish equivalent of the UK’s ICO), the Data Inspectorate, has issued a penalty fee of SEK 200,000 (approx. £16,795) to a High School that trialled the use of facial recognition via camera to record student attendance in a class. Despite the system being used in a …

Read moreWill facial recognition ever be legal?

Announcing the new Hub Helpline Assist service

new Hub Assist services

A problem shared, is a problem halved! We’re always looking for ways to add value for our Hub Helpline subscribers. So, today we’re really pleased to announce that as well as the unlimited email, phone and now online chat support and online resources like checklists, FAQs, policy templates, etc. we’ve launched the new Hub Assist …

Read moreAnnouncing the new Hub Helpline Assist service

When does the clock start ticking for a subject access request?

subject access time limits defined by ICO

On the face of it, it seems quite simple: you get one month to deal with a subject access request (SAR or DSAR); Article 12 of the GDPR states the information should be provided “without undue delay and in any event within one month of receipt of the request“, but exactly when does the month …

Read moreWhen does the clock start ticking for a subject access request?

ISO releases new standard for privacy information management

ISO privacy information management

On 6th August the ISO (International Organisation for Standardization) announced what it calls the first international standard for tackling privacy information management. ISO27701 “security techniques for privacy information management” is an extension of the existing ISO27001 (information security) and ISO27002 (information security controls) established standards. Dr Andreas Wolf, Chair of the ISO/IEC technical committee that developed the …

Read moreISO releases new standard for privacy information management

£160k fine for TPS and transparency failings

TPS fine

A boiler replacement company has been fined £160,000 by the ICO for calling over 850,000 people who had registered with the Telephone Preference Service (TPS) and for transparency failings. The Privacy and Electronic Communications Regulations 2003 (PECR) require businesses to have cleaned their phone number data against the TPS before using the data for live …

Read more£160k fine for TPS and transparency failings