ICO fines EE £100,000 for sending text messages to customers without their consent

The ICO has fined EE £100,000 under the Data Protection Act 1998 (“DPA“) for sending text messages to customers without their consent, in breach of the Privacy and Electronic Communications Regulations 2003 (“PECR“). Background In February and March 2018 EE sent direct marketing text message to customers informing them that they would soon be eligible … Read more

Cookie Compliance: How can companies get it right when the regulator does not?

The UK privacy regulator has admitted that its own cookie consent process does not comply with the current GDPR and ePrivacy rules. According to the regulator, a new process will be implemented during the week beginning 24th June 2019, which could give organisations a valuable insight into how to navigate the complex interaction between the … Read more

Probing the rules on automated decision making: article published in Privacy and Data Protection Journal

The Privacy and Data Protection Journal has published an article by Duc Tran, Senior Associate from our Digital TMT, Sourcing & Data Team, exploring automated decision making under the General Data Protection Regulation (GDPR). In recent times, forward-thinking organisations have sought to automate and optimise the effectiveness and efficiency of their operations and decision making … Read more

SHAREHOLDERS ACTIVISM FOCUSES ON PRIVACY ISSUES

With privacy issues these days commonly featuring as a board legal agenda item, recent shareholder activity at Amazon has shown that privacy is also at the forefront of shareholders’ minds. A group of Amazon shareholders sought to prevent the company from selling its facial recognition technology because of privacy concerns. Although the Amazon motions were … Read more

A royal curveball – using the GDPR in privacy disputes

You don't expect to see Prince Harry and the GDPR in the same sentence, but it was reported this week that the Duke of Sussex has settled High Court claims against the paparazzi agency Splash News (Splash), in a case which was based partly on breaches of the GDPR.The Duke of Sussex brought claims against Splash in relation to photographs taken of a house that he was renting. Whilst details of the relevant legal arguments have not been released, Splash's apology statement noted that "[t]his matter concerns a claim for misuse of private information, breaches of The Duke's right to privacy under Article 8 ECHR and breaches of the General Data Protection Regulation and Data Protection Act 2018." Read more