News

White house
Schrems II Shakes Up Data Privacy: A Landmark Legal Battle for the Digital Age

Tacita has undertaken a large number of assessments and we are still finding that many companies have no knowledge of the Schrems 2 ruling that means that Privacy Shield cannot be relied on for transfers of personal data to the US. Thus we believe it is timely to refresh reader’s minds of what Schrems 2 is and what is required to be considered by companies that have not acted since the Schrems 2 ruling was made.

Read article
The Importance of Assessing Organizations’ GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that went into effect in the European Union (EU) in May 2018. As organizations across the EU and beyond collect and process large amounts of personal data, it is essential to ensure that they are compliant with GDPR regulations. This is where assessments of organizations' GDPR compliance come into play.

Read article
Liz Truss and UK GDPR
A lack of Truss – Why the Government’s plans to replace the UK GDPR are a threat to businesses and data subjects

At the Tory Party conference last week, the UK digital secretary Michelle Donelan announced that the Government planned to replace the UK GDPR with a new data protection legislation. Cutting through the buzz-words and political ‘phrase of the day’, the Government’s plans represent a potentially major change for UK businesses. This change may not be a positive one.

Read article
Principles of the GDPR
Tacita Tips: What are the principles of the GDPR?

At the heart of the GDPR legislation lies the 7 fundamental principles. These guiding tenets underpin all aspects of the GDPR. But what are they and how do they affect your business’ GDPR compliance status? In this blog we’re going to look at each of the 7 principles in turn and provide practical examples of how they are applied in a day-to-day setting.

Read article
Tacita article image
Tacita Tips: Audit your website cookies

Incorrect management of website cookies is one of the most common areas of GDPR non-compliance. Businesses of all sizes and sectors are required to abide by the GDPR’s rules on the application of non-essential cookies and management of consent. But what does this mean for your website and your cookies? In this Tacita Tips we’ll be looking at some common questions that can help you to audit your website cookies.

Read article
Tacita article image
Deterrent rather than punishment: What does Instagram’s $403m fine mean for children’s data privacy

On 2nd September, Instagram and its parent company Meta were fined $403m for inadequate handling of children’s data under the EU GDPR. The fine was the culmination of a long running investigation by the Irish Data Protection Commission (DPC) into the social media company and is the largest fine that Meta has been issued to date. This fine is the second largest ever issued by a European data protection authority, following the €746m fine issued by the Luxembourg data authority against Amazon last year.

Read article
US anti-abortion protest with a protestor holding a 'keep abortion legal' sign aloft
Roe v Wade and The Erosion of Women’s data privacy

The overturning of Roe v Wade by the U.S. Supreme Court on the 24th June this year (2022) has upended women’s reproductive rights in the USA. It is unlikely to end there. As the ripple effects continue to be felt across the States and beyond, serious questions regarding erosion of women’s privacy are being raised. The answers to these privacy questions posit a deeply unsettling future for women in America and the use of their personal data.

Read article
A large number of surveillence cameras on a wall. All are pointing in the same direction and are looking at two people.
Southern Co-Op face complaints over use of Biometric scanners

This month Big Brother Watch and the data rights firm AWO filed a complaint to the Information Commissioners Office (ICO) regarding Southern Co-Op’s use of biometric scanning in several of their stores. This system has been implemented in 35 of Southern Co-Op’s 200+ stores, and is used (according to the Co-Op) to protect customers and colleagues in stores where there has been regular crime. Both Big Brother Watch and AWO have raised significant concerns regarding the application of the system, which is sold by the firm Facewatch.

Read article
Grafitti of a surveillance camera on a concrete wall with the text 'for your safety & our curiosity'.
Safeguarding gone wrong? Project Alpha and the accidental weaponisation of personal data

The recently released data protection impact assessment for a Met Police scheme has caused concertation amongst privacy groups and human rights activists as potential large scale profiling of children's data has been further compounded by allegations of racial bias. Entitled 'Project Alpha', this scheme has proven a useful example of how personal data collected for safeguarding can be accidentally or deliberately weaponised.

Read article
A photo of Euro and US Dollar notes.
Third Time’s the Charm? Why Privacy Professionals are sceptical of ‘Privacy Shield 2.0’

On March 25th 2022, amidst wider discussions on US-EU cooperation, EU Commission President Ursula von der Leyen and US President Joe Biden announced an ‘agreement in principle’ on a new EU-US data sharing system termed the Trans-Atlantic Data Privacy Framework. Yet rather than relief, the announcement has been met with pronounced scepticism by privacy professionals in Europe. The emerging discourse is a product of a difficult relationship between its political ideals and practical realities.

Read article
A photo of Big Ben at sunset.
Coming soon: New UK SCC’s presented to Parliament

This month (February 2022) the Department for Culture, Media and Sport (DCMS) laid before Parliament the new International Data Transfer Agreement (IDTA). This document, as well as its associated transfer addendum and a further document setting out transitional provisions follows a consultation undertaken by the Information commissioner’s office (ICO) in 2021.

Read article
Photo of a phone showing social media icons.
Schrems II in action: the DSB issues its first ruling

The Austrian Data Protection Authority (DSB) has issued its first ruling on a Schrems II model case. In it, the DSB ruled that the Standard Contractual Clauses (SCCs) and Technical Organizational Measures (TOMs) implemented as part of the Google Analytics are not sufficient to protect its EU-US data transfers.

Read article
A phone showing the Twitch app.
Now Streaming: Twitch’s Data

Last month, Amazon’s Twitch streaming service confirmed that it had been the victim of a significant data breach. Around 125GB of data (including the source code for the mobile, desktop, and video game console versions, as well as the earnings of Twitch’s content creators) has been released by the hackers to the anonymous messaging-board website 4Chan.

Read article