A Bite to match its Bark? – What Amazon’s fine means for its Data Subjects
In a landmark case, Amazon has been fined $886m by Luxembourg’s National Commission for Data Protection (CNPD) for serious breaches of the General Data Protection Regulation (GDPR). Whilst the scale of the fine suggests that the GDPR is finally matching the promises of its inception, the circumstances of its reporting still leave the consumer facing an uphill battle to hold illegal privacy practices to account.
‘Own it all’ – Antitrust, Big Tech, and the battle for ‘Consumer Welfare’
Regulatory watchdogs, the Federal Trade Commission (FTC), and various antitrust lawsuits are beginning to find that Silicon Valley won't give up its monopolies easily. At the heart of this stands the very consumers both parties claim to protect.
‘From the lab to the Market’ – Will the EU’s proposed AI regulation set a new ‘global standard’?
The EU Commission has recently announced a new regulation which aims to govern the development and use of artificial intelligence (AI). The regulation shares many similarities with the General Data Protection Regulation (GDPR). Will this new AI regulation become the global standard, much like the GDPR is the global standard for data privacy?
Rage against the Machine – How Apple’s iOS14.5 might redefine the Data Privacy landscape
Apple is preparing to finally launch its radical iOS 14.5 update. Despite Facebook’s aggressive advertising campaign against it, the update will fundamentally change the way in which Apple customers interact with their personal data, providing the user with granular control over any application’s use of their IDFA (Identifier for Advertisers).
Draft UK Adequacy Decision Published
The EU has recently published a draft UK adequacy decision. This is the first step in the UK achieving adequacy status in the eyes of the EU-GDPR. This is positive news for UK and EU businesses, but the decision must still be approved by the European Data Protection Board.
What Happens to the GDPR Post-Brexit?
As of January 2021, the Brexit transition period has ended. Because the GDPR is an EU law, many companies may be wondering if it is still applicable in the UK. This article explores what is happening with UK data privacy laws post-Brexit.
Marriott Hotel: Data Breach
Marriott International has been fined a total of £18.4 million (a reduction from the original £99 million) for its negligence in safeguarding the customer personal data that it is responsible for. This breach is interesting because it initially occurred in 2014 (before the GDPR came into effect) and under a different business group, 'Starwood Hotels Group', which was acquired by Marriott after the breach occurred.
Now Departing: £20m from British Airways
British Airways has been fined the “biggest to date” sum of £20 million by the Information Commissioner’s Office (ICO) for failing to protect the personal data of data subjects, which resulted in a security breach.
Court Decision on European Mass Surveillance and the Consequences for Brexit
As members of the European Union, member states are obliged to abide by some of the strictest privacy laws in the world. Today, the UK, French and Belgian national governments all use some form of mass surveillance. In recent years, privacy groups have taken claims to EU courts arguing that this surveillance is illegal. The national governments disagree. The CJEU refuted the claims that mass surveillance is outside their jurisdiction and issued a ruling on the 6th October 2020.
Data Protection Guidance for Test and Trace Schemes
Since the easing of lockdown, during the summer of 2020, many organisations have implemented new measures so that they can re-open safely to the public. For most businesses, this included collecting customers’ and visitors’ personal information to support the UK Government’s approved contact tracing scheme.
India’s First Major Personal Data Protection Bill
India is drafting its first bill that aims to protect the personal data of its citizens. This article goes over the key differences between the GDPR and the new Indian Personal Data Protection Bill (PDPB) and discusses some controversies surrounding it.
A Timeline of US Mass Surveillance, International Privacy Agreements, and a Disgruntled Austrian
On the 16th July 2020, the CJEU came to a decision on the Schrems II case. The decision invalidated a major EU-US privacy agreement that previously allowed personal data to freely flow between the EU and the US. This court case is the latest chapter in an ongoing saga of privacy activists, commercial selling of ‘big data’ and revelations made by whistleblower Edward Snowden. This article gives a brief timeline of the events leading up to this case.
Is your use of website cookies currently lawful?
Covid-19 Contact Tracing Apps, a Centralised vs. Decentralised Approach
Contact tracing is currently successfully employed in the UK to prevent the spread of sexually transmitted diseases. It is hoped that the development of the NHS app can prevent the spread of Covid-19. Unfortunately, there have been significant concerns over user privacy. There has been debate and even controversy on the centralised vs. decentralised approach.
GDPR individual rights – Is the cost to business just about to explode?
The UK government’s job retention scheme has protected 7.5 million workers and almost 1 million businesses. From the start of August 2020, employers will be asked to pay a percentage towards the salaries of their furloughed staff. Will businesses be able to re-employ all their furloughed workers or will we see a significant number of them being made redundant?
Have I been Pwnd? A Database of Data Breaches
The GDPR was introduced to provide EU citizens with greater protections and control over their personal data. It achieved this by introducing new rights for individuals and by imposing stricter data protection requirements on organisations. But what happens if your personal data was part of a data breach before the GDPR was introduced?
Data Sharing Agreements: What is the Best Practice?
The ICO states that ‘…whenever a controller uses a processor, there must be a written contract (or other legal act) in place...’ The GDPR sets out what needs to be included in the contract. But what happens if you are a controller sharing data with another controller? You need a Data Sharing Agreement.
Are Privacy Notices Just About the GDPR?