Latvian “ICO” issues €7k fine for right of erasure failing

The Latvian Data Protection Authority (the Data State Inspectorate of Latvia (DSI)) has issued a fine of €7000 to an online retailer for non-conformity with a data subject’s “right to erasure” and for not co-operating with the DSI. The individual’s right to erasure (or right to be forgotten) allows a data subject to request that any …

Court says use of facial recognition by South Wales Police lawful

A case brought by an individual, who argued that South Wales Police’s use of automated facial recognition had breached his human right to privacy and data protection law, has been thrown out by the High Court, which stated that the Police had followed the rules and that their use of facial recognition technology was lawful. …

Will facial recognition ever be legal?

In August, the Swedish data protection authority (i.e. the Swedish equivalent of the UK’s ICO), the Data Inspectorate, issued a penalty fee of SEK 200,000 (approx. £16,795) to a high school that trialled the use of facial recognition via camera to record student attendance in a class. Despite the system being used in a …

Announcing the new Hub Helpline Assist service

A problem shared is a problem halved! We’re always looking for ways to add value for our Hub Helpline subscribers. So, today we’re really pleased to announce that, as well as the unlimited email, phone and now online chat support and online resources like checklists, FAQs, policy templates, etc., we’ve launched the new Hub Assist …

When does the clock start ticking for a subject access request?

On the face of it, it seems quite simple: you get one month to deal with a subject access request (SAR or DSAR); Article 12 of the GDPR states the information should be provided “without undue delay and in any event within one month of receipt of the request”, but exactly when does the month …

ISO releases new standard for privacy information management

On 6th August, the ISO (International Organization for Standardization) announced what it calls the first international standard for tackling privacy information management. ISO27701 “security techniques for privacy information management” is an extension of the established ISO27001 (information security) and ISO27002 (information security controls) standards. Dr Andreas Wolf, Chair of the ISO/IEC technical committee that developed the …

£160k fine for TPS and transparency failings

A boiler replacement company has been fined £160,000 by the ICO for calling over 850,000 people who had registered with the Telephone Preference Service (TPS) and for transparency failings. The Privacy and Electronic Communications Regulations 2003 (PECR) require businesses to have cleaned their phone number data against the TPS before using the data for live …

Greek DPA -v- PwC highlights consent not suitable lawful basis for employee data

The Greek equivalent of the ICO has issued a €150,000 fine to PwC for having the wrong lawful basis for processing its employees’ data. PwC required employees to consent to the processing of their data when other lawful bases were more applicable; furthermore, PwC had also failed to properly document its lawful basis for …

Patient confidentiality -v- data protection, highlight of ICO’s review of Royal Free/Google compliance

The ICO has published information on its review of the Royal Free NHS Foundation Trust and the Trust’s use of the Google DeepMind AI project to analyse patient data. This follows up the case from a couple of years back whereby the Trust were found to be in breach of data protection law as the …

Cybersecurity, children’s privacy & marketing practices are main concerns according to ICO privacy tracker survey

The ICO have published their Annual Tracker, a survey looking at public perceptions of privacy and data protection. The main aim of this research was: To gauge public perceptions and awareness of how data is shared with and used within organisations and to monitor any change in the trust and confidence in how data is …
