A change in approach to subject access? ICO Publishes Updated DSAR Guidance

Summary The ICO (the UK privacy regulator) has updated its guidance on data subject access rights, and the revised guidance appears to be aimed at giving organisations practical advice on managing and responding to subject access requests by including further detail and examples. Although the revised guidance has not changed dramatically, it is fair to … Read more

HOW TO CALCULATE A GDPR FINE – THE PROPOSED ICO WAY

The Information Commissioner’s Office in the UK (the “ICO”) has published for consultation its draft statutory guidance setting out how it will regulate and enforce data protection legislation in the UK. The document explains all of the ICO’s key powers (including information notices, assessment notices, enforcement notices and penalty notices). Perhaps most interestingly for organisations, … Read more

COVID-19: ICO OPINES ON APPLE AND GOOGLE’S CONTACT TRACING TECHNOLOGY (UK)

On 17 April 2020, the ICO published an opinion by the Information Commissioner (the “Commissioner”) on Apple and Google’s joint initiative to develop COVID-19 contact tracing technology (the “Opinion”, available here). Summary The Commissioner found the CTF to be aligned with principles of data protection by design and by default. Controllers designing contact tracing apps … Read more

COVID-19: ICO publishes details of its regulatory approach during COVID-19 (UK)

The ICO has published details of its regulatory approach during the ongoing COVID-19 emergency; this is an approach which should reassure entities who are adapting to the economic and practical realities of operating in the current climate, as well as balancing their data protection obligations.  The UK regulator has continued to be reasonable and pragmatic, … Read more

ICO TELLS PEOPLE TO EXPECT DELAYS TO DSARS DURING COVID-19

Given the COVID-19 crisis, it is likely that data protection may no longer at the forefront of every controller’s mind, and rather, that business continuity has taken precedence. Acknowledging this shift and the need for companies to divert business as usual resources to their response to the crisis, the ICO has published two articles on … Read more

The ICO publishes its Age–Appropriate Design Code of Practice for online services

Following a public consultation on its draft code of practice with parents, children, schools, children’s campaign groups, developers, tech and gaming companies and online service providers which closed on 31 May 2019, the Information Commissioner’s Office (ICO) submitted its Age-appropriate design Code of Practice on 12 November 2019 but due to restrictions in the pre-election … Read more

International Data Privacy Day: Our predictions for 2020

What better day than today, International Data Privacy Day, to explore what 2020 is likely to have in store for data and privacy? Almost two years ago the EU General Data Protection Regulation (GDPR) thrust data and privacy issues firmly in the spotlight, where they remain. With attention having shifted from guidance to enforcement, this article … Read more