Security, privacy and trust in software – assessing the ethical impact of technology

Protecting privacy and digital security is becoming increasingly important in everyday life. A lack of trust in software and how it deals with or exposes personal information could negatively impact consumers and the wider EU digital market. Privacy, security and trust in software are promoted by the TRUST aWARE project. They are also, in themselves, […]

EDPB Adopts Guidelines for Restrictions on Data Subject Rights

Article 23 GDPR provides for the EU or individual Member States to legislate for the application of “restrictions” on data subject rights in limited circumstances. Following public consultation, the European Data Protection Board (“the EDPB”) has now adopted guidelines on the application of Article 23, including the assessment to be undertaken before any such restrictions may […]

Regulating after the GDPR: Proposed changes to the role of the ICO

In Sept 2021 the UK Department for Digital, Culture, Media and Sport (DCMS) announced proposals to reform UK data protection legislation. The key changes are focused on making data protection compliance more streamlined and reducing burdens on organisations. However, the proposals also include changes to the role of the Information Commissioner’s Office (ICO) and its […]

Transparency obligation and data controllers: enforcement across Europe

Much ink has been spilled on the September 2021 decision issued by the Irish Data Protection Commission (DPC) to impose a fine of €225 million on WhatsApp, the second heaviest fine under the General Data Protection Regulation (GDPR). It is noteworthy that the decision was issued after the activation of the dispute resolution mechanism of GDPR article 65, and the necessary intervention of the European Board given that eight National Supervisory Authorities (NSAs) triggered the draft decision of the DPC. However, the […]

The UK is set to diverge from the GDPR

On 9 September 2020, the UK Department for Digital, Culture, Media & Sport (DCMS) published its National Data Strategy, which included: “responsible data” as a core pillar and an associated “securing a pro-growth and trusted data regime” priority mission. This included a June 2021 Taskforce on Innovation, Growth and Regulatory Reform (TIGRR) proposal to: “replace the […]

GDPR fines may be susceptible to significant reductions upon appeal

The General Data Protection Regulation (GDPR) substantially increased the amount that data protection authorities (DPAs) are empowered to fine organisations, to €20m or 4% of worldwide annual turnover. The UK Information Commissioner’s Office (ICO) has issued a limited number of fines for data protection breaches in the first 5 years of the UK GDPR. It […]

WhatsApp transmission of health data results in fine under the GDPR

If you were attending a centre to take a test for COVID-19, how would you expect the responsible organisation to handle your personal data? How about via WhatsApp group conversations on personal mobiles accessible to its former employees? In this article, we consider how a lack of robust identity access management controls may result in […]

Direct marketing guidance for the public sector

The UK Information Commissioner’s (ICO) new guidance aims to help public sector organisations to understand when direct marketing considerations will apply to their messaging. ICO Director of High Priority Investigations & Intelligence Anthony Luhman underlined that: “... there are times when the direct marketing rules will apply and we want to help the […]

Using CCTV with Facial Recognition Technology in Public Spaces and Workplaces

The use of CCTV in private homes and public spaces has become increasingly commonplace with such systems often having the capacity for enhanced functionality, including Facial Recognition Technology (“FRT”). This enables people to be identified based on the system’s analysis of their geometric facial features and the potential to compare this data against any other available images. In response, the Dutch DPA has said that this technology risks making us all ‘walking bar codes’. Of course, such functionality can be beneficial in a myriad of circumstances, from unlocking phones and doors, to assisting law enforcement bodies police crowded areas. From […]

Failure to support the data protection officer contravenes the GDPR

A data protection officer (DPO) is working for an organisation that fails to provide them with sufficient resources to complete their tasks and consciously excludes them from meetings in which data protection compliance is likely to be an extensive consideration. Sadly, this will not be an entirely alien experience for many DPOs at some stage […]