The Information Commissioner’s Office in the UK (ICO) has announced an investigation into the use of facial recognition technology following a string of high profile uses. Prior to the results of this investigation, companies using facial recognition technology should: undertake a balancing test to ensure proportionality in the use of such technology, acknowledging its intrusiveness; … Read more

The National Cyber Security Centre (NCSC) and the Information Commission Office (ICO) have clarified their roles in relation to breaches of cyber security.  NCSC manages cyber incidents at a national level to prevent harm being caused to both victims and the UK overall. It helps manage the response at a governmental level and seeks to … Read more

The UK’s data protection authority, the ICO, has announced twice in two days this week that it proposes to levy significant fines on organisations for breaches of the General Data Protection Regulation (GDPR), which took effect in May 2018. First it announced that it intends to fine British Airways some £183 million for a data … Read more

Just one day after its notice of its intent to fine British Airways £183.39 million, the ICO has issued a further notice of intent to fine Marriott International £99.2 million for its own data breach; The systems of the Starwood hotel group were originally compromised in 2014, prior to the acquisition of Starwood by Marriott … Read more

Following its recent admission that its own cookie consent mechanism was non-compliant (see previous blog post here), the UK privacy regulator (the ICO) updated its cookie notice last week (see our previous blog post here) and has now published guidance on cookies and similar technologies. Key messages are: No implied consent for non-essential cookies allowed, … Read more