Tacita Wordpress

Someone signing a document.
Draft UK Adequacy Decision Published

The EU has recently published a draft UK adequacy decision. This is the first step in the UK achieving adequacy status in the eyes of the EU-GDPR. This is positive news for UK and EU businesses, but the decision must still be approved by the European Data Protection Board.

Read article
A photo of a swimming pool and deck chairs by the sea.
Marriott Hotel: Data Breach

Marriot International has been fined a total of £18.4 million (a reduction from the original £99 million) for its negligence in safeguarding customer personal data that it is responsible for. This breach is interesting, as the breach initially occurred in 2014 (before the GDPR came into effect) and the breach occurred under a different business group 'Starwood Hotels Group' which was acquired by Marriott after the breach occurred.

Read article
Grafitti of a surveillance camera on a concrete wall with the text 'for your safety & our curiosity'.
Court Decision on European Mass Surveillance and the Consequences for Brexit

As a member of the European Union, member states are obliged to abide by some of the strictest privacy laws in the world. Today, UK, French and Belgian national governments all use some form of mass surveillance. In recent years, privacy groups have taken claims to EU courts arguing that this surveillance is illegal. The national governments disagree. The CJEU refuted the claims that mass surveillance is outside their jurisdiction and issued a ruling on the 6th October 2020.

Read article
Photo of a shop window with a sign stating that the shop is closed due to covid-19.
Data Protection Guidance for Test and Trace Schemes

Since the easing of lockdown, during the summer of 2020, many organisations have implemented new measures so that they can re-open safely to the public. For most businesses, this included collecting customers’ and visitors’ personal information to support the UK Government’s approved contact tracing scheme.

Read article
A computer screen in a dark room. The screen shows a man looking through binoculars. The binocular lens' have the facebook logo photoshopped in.
A Timeline of US Mass Surveillance, International Privacy Agreements, and a Disgruntled Austrian

On the 16th July 2020, the CJEU came to a decision on the Schrems II case. The decision invalidated a major EU-US privacy agreement that previously allowed personal data to freely flow between the EU and the US. This court case is the latest chapter in an ongoing saga of privacy activists, commercial selling of ‘big data’ and revelations made by whistle blower Edward Snowden. This article gives a brief timeline of the events leading up to this case.

Read article
A person working at a laptop.
Is your use of website cookies currently lawful?

If you have not reviewed your cookie policy since October of 2019, it may not be. Many large corporations appear to be ignorant of a ruling (case C-673/17 - Planet49) that was made by the Court of Justice of the European Union (CJEU). The ruling clarifies how cookies should be managed and the subsequent impact on cookie statements. Indeed, many corporations appear to be breaking the law, even 7 months after the ruling.

Read article