IPSO issues guidance on using material taken from social media

On 4 July 2017 the Independent Press Standards Organisation (the “IPSO“) published guidance for editors and journalists seeking advice on how the Editors’ Code of Practice applies to the use of material taken from social media to support or illustrate a particular story (the “Guidance“).

The Editors’ Code of Practice sets the framework for the highest professional standards for journalists and the IPSO’s role is to uphold the Editor’s Code of Practice. The Guidance does not replace the Code of Practice – it provides a framework of key questions for editors and journalists to consider when comply with the Code of Practice. Continue reading

EU – US Privacy Shield adequacy decision incorporated into the EEA Agreement

On 12 July 2016 the European Commission adopted an “adequacy decision” allowing for the transatlantic transfer of personal data from the EU to the US in accordance with the framework and principles of the EU-US Privacy Shield (the “Privacy Shield”). This new framework was established following the previous transfer mechanism, the US Safe Harbour, being found invalid by the ECJ in October 2015. Continue reading

Google DeepMind trial failed to comply with data protection law

On 3 July 2017 the Information Commissioner’s Office (“ICO“) determined that the Royal Free NHS Foundation Trust (the “Trust“) had breached the Data Protection Act 1998 (the “Act”) when it provided patient details to Google’s DeepMind.

The Trust provided personal data of approximately 1.6 million patients to Google’s Deep Mind as part of clinical safety tests of a new application ‘Streams’. The application is designed to provide an alert, diagnosis and detection system for acute kidney injury. However an ICO investigation found several issues with the way in which the personal data was handled, including that patients were not adequately informed of how their data would be used (i.e. as part of the clinical safety tests). These shortcomings amounted to non-compliance with at least four of the eight data protection principles under the Act. Continue reading

Liberty granted rights to challenge the Snoopers’ Charter

The Investigatory Powers Act 2016 (the “Act“) received Royal Assent on 29 November 2016. Dubbed the “Snoopers’ Charter” it has been heavily criticised by various commentators, including the advocacy group Liberty.

The main source of criticism has been around the requirements for bulk retention of data (such as communications data and internet connection records) and the increased ability of public authorities to access such data. Communications data is the ‘who’, ‘where’, ‘when’, ‘how’ and ‘with whom’ of a communication, but not the content, whilst internet connection records are records of the services that have been accessed by any device. Continue reading

House of Lords EU Committee Report on Brexit and the EU Data Protection Package

On 18 July 2017 the House of Lords European Union Committee (the “Committee“) published a report covering the impact of Brexit on four aspects of the EU Data Protection Package:

  • the General Data Protection Regulation (the “GDPR“) which will become directly applicable in all EU member states with effect from 25 May 2018. A Data Protection Bill is expected to be introduced by Parliament after the summer recess.
  • the Police and Criminal Justice Directive (the “PJC“) which EU member states must transpose into national law by 6 May 2018;
  • the EU-US Privacy Shield which enables personal data transfers from the EU to the US for commercial purposes and replaced the previous Safe Harbour international transfer mechanism to the US; and
  • the EU-US Umbrella Agreement which establishes a common framework for the protection of personal data transferred between the EU and the US for criminal law enforcement purposes.

Continue reading