Industry news

A photo of Big Ben at sunset.
Coming soon: New UK SCC’s presented to Parliament

This month (February 2022) the Department for Culture, Media and Sport (DCMS) laid before Parliament the new International Data Transfer Agreement (IDTA). This document, as well as its associated transfer addendum and a further document setting out transitional provisions follows a consultation undertaken by the Information commissioner’s office (ICO) in 2021.

Read article
Photo of a phone showing social media icons.
Schrems II in action: the DSB issues its first ruling

The Austrian Data Protection Authority (DSB) has issued its first ruling on a Schrems II model case. In it, the DSB ruled that the Standard Contractual Clauses (SCCs) and Technical Organizational Measures (TOMs) implemented as part of the Google Analytics are not sufficient to protect its EU-US data transfers.

Read article
A phone showing the Twitch app.
Now Streaming: Twitch’s Data

Last month, Amazon’s Twitch streaming service confirmed that it had been the victim of a significant data breach. Around 125GB of data (including the source code for the mobile, desktop, and video game console versions, as well as the earnings of Twitch’s content creators) has been released by the hackers to the anonymous messaging-board website 4Chan.

Read article
A lamppost with a sticker on it. The sticker states 'big data is watching you'.
A Bite to match its Bark? – What Amazon’s fine means for its Data Subjects

In a landmark case, Amazon has been fined $886m by Luxembourg’s National Commission for Data Protection (CNPD) for serious breaches of the General Data Protection Regulation (GDPR). Whilst the scale of the fine suggest that the GDPR is finally matching the promises of its inception, the circumstance of its reporting still leaves the consumer facing an uphill battle to hold illegal privacy practices to account.

Read article
Someone signing a document.
Draft UK Adequacy Decision Published

The EU has recently published a draft UK adequacy decision. This is the first step in the UK achieving adequacy status in the eyes of the EU-GDPR. This is positive news for UK and EU businesses, but the decision must still be approved by the European Data Protection Board.

Read article