ICO TELLS PEOPLE TO EXPECT DELAYS TO DSARS DURING COVID-19

Given the COVID-19 crisis, it is likely that data protection may no longer at the forefront of every controller’s mind, and rather, that business continuity has taken precedence. Acknowledging this shift and the need for companies to divert business as usual resources to their response to the crisis, the ICO has published two articles on … Read more

The ICO publishes its Age–Appropriate Design Code of Practice for online services

Following a public consultation on its draft code of practice with parents, children, schools, children’s campaign groups, developers, tech and gaming companies and online service providers which closed on 31 May 2019, the Information Commissioner’s Office (ICO) submitted its Age-appropriate design Code of Practice on 12 November 2019 but due to restrictions in the pre-election … Read more

ICO OPENS CONSULTATION ON DATA SUBJECT ACCESS RIGHTS

The ICO (the UK privacy regulator) has published draft guidance on the right of individuals under the GDPR to access their data. Key takeaways include: An acknowledgement that subject access requests can be burdensome, with a requirement to ‘make extensive efforts’ to locate and retrieve information and confirmation that a significant burden does not make … Read more

Facial Recognition Technology and Data Protection Law: the ICO’s view

The Information Commissioner’s Office in the UK (ICO) has announced an investigation into the use of facial recognition technology following a string of high profile uses. Prior to the results of this investigation, companies using facial recognition technology should: undertake a balancing test to ensure proportionality in the use of such technology, acknowledging its intrusiveness; … Read more

Cookie Update: The ICO way

Following on from the ICO’s recent admission around its cookie consent mechanism (for further details see our previous post here), the ICO website was down for a period of time at the end of last week. But now it is back and with a new and “improved” cookie consent mechanism (see here). Read more

GDPR fine in Poland gives important insight into the requirements of Article 14

Last week the Personal Data Protection Office (“UODO“) in Poland issued a €220,000 fine to a digital marketing company for breaching its obligations under Article 14 of the GDPR (i.e. to provide a privacy notice to individuals). The decision has some important practical implications for organisations, including that: the collection of publicly-available information from the … Read more