Blog
Rayner my parade! The importance of specialist advice.
Jemma Brimblecombe
15 March 2016
March Update: EU-US Privacy Shield
Further to our blog of 9 February 2016 (see here), the European Commission (the Commission) has published the draft “adequacy decision” and related legal texts that will provide for the EU-US Privacy Shield (the replacement framework for EU-US personal data transfers). The Commission has also issued a “communication” (i.e. a policy document with no mandatory authority) summarising the steps taken over the past few years to restore trust in EU-US data transfers since the Edward Snowden surveillance revelations.
2 March 2016
Press stop on poor mobile working practices
As the use of mobile devices by employees increases, so too do the risks to businesses of data breaches and a failure to comply with the Data Protection Act 1998 (“DPA”).
The Information Commissioner believes that ever more popular mobile working practices will enhance both the “potential attack surface” for hackers and the risk of data breaches. The DPA requires data controllers to take “appropriate technical and organisational measures…against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.
This article first appeared on www.realbusiness.co.uk in March 2016.
18 December 2015
EU Data Protection Regulation: Here at last…well, nearly!
EU Data Protection Reform has been under discussion since 2012 with the intention to “make Europe fit for the digital age”. This week the European Commission, European Parliament and the Council of the European Union have reached agreement on the final wording of the General Data Protection Regulation. The draft Regulation is now widely expected to be formally approved in the new year.
3 November 2015
A bitter pill: Hard lessons learnt by online pharmacy fined for selling customer data
The Information Commissioner has issued a monetary penalty notice (MPN) of £130,000 to Pharmacy2U, the UK's largest NHS approved online pharmacy, after it sold the details of 21,500 customers to third-parties through an online marketing company. The Commissioner’s enforcement activity to date has focussed predominantly upon data security breaches. This is the first MPN for a breach of the first data protection principle under the Data Protection Act 1998 (DPA) which concerns the fair and lawful processing of data. It provides both a reminder of the importance of the first principle and a lesson to all organisations about clear customer communication and consent.
23 October 2015
Safe Harbor tsunami: a data transfer blockade
Do you worry about the extent to which corporations protect your personal data? An Austrian law student (Max Schrems) acted on such concerns and, as result, toppled a 15 year old international legal agreement between the EU and the US which facilitated the flow of huge quantities of data across the Atlantic. On 6 October 2015, the Court of Justice of the European Union (in Maximilian Schrems v Data Protection Commissioner) invalidated the EU-US Safe Harbor agreement with immediate effect, sending shockwaves through the digital world.