9 February 2016
"EU-US Privacy Shield” – a Safe Harbour mark II
The European Commission and the USA have reached a political agreement on a new framework for EU/US data transfers: the “EU-US Privacy Shield”.
18 December 2015
EU Data Protection Regulation: Here at last…well, nearly!
EU Data Protection Reform has been under discussion since 2012 with the intention to “make Europe fit for the digital age”. This week the European Commission, European Parliament and the Council of the European Union have reached agreement on the final wording of the General Data Protection Regulation. The draft Regulation is now widely expected to be formally approved in the new year.
3 November 2015
A bitter pill: Hard lessons learnt by online pharmacy fined for selling customer data
The Information Commissioner has issued a monetary penalty notice (MPN) of £130,000 to Pharmacy2U, the UK's largest NHS approved online pharmacy, after it sold the details of 21,500 customers to third-parties through an online marketing company. The Commissioner’s enforcement activity to date has focussed predominantly upon data security breaches. This is the first MPN for a breach of the first data protection principle under the Data Protection Act 1998 (DPA) which concerns the fair and lawful processing of data. It provides both a reminder of the importance of the first principle and a lesson to all organisations about clear customer communication and consent.
2 November 2015
Judicial review reform: False assumptions replaced by objective research
Contrary to the Government’s repeated claims, judicial review offers value for money and assists in ensuring clarity and development of the law. Research published on 16 October by the Public Law Project, University of Essex and LSE illustrates that negative assumptions justifying the Government reform of judicial review are simply not borne out by the evidence. The report concludes that such claims are “at best misleading and at worst false”.
21 August 2015
Google Spain redux – removing search engine links to stories about removing search engine links
Following the Court of Justice of the European Union decision in the now notorious “Google Spain” case, Google, and other search engine operators, have set up processes to deal with request by individuals to have URL links removed from search results against the individual’s name. Individuals are entitled to have URL links removed where, in summary, the link has an unwarranted and negative impact on an individual’s privacy – and this is judged by reference to information contained on the website which the link leads to.