UK Government endorses new data security standards and greater patient control over use of health data

The Department of Health published its Review of Data Security, Consent and Opt-Outs (the “Review”) earlier this year. Incidents such as WannaCry (refer to article above for more detail) have created awareness of the ease and speed with which cyber-attacks can cause widespread disruption and highlight the importance of ensuring that organisations implement strong security … Read more

Draft Data Protection Bill published – no major surprises for businesses

Following its Second Reading in the House of Lords, on 22 November 2017 the draft Data Protection Bill (the “Bill”) passed the Committee Stage and will next be considered at the Report Stage on 11 December 2017. The Bill was initially published on 14 September and once finalised it will repeal the current Data Protection … Read more

UK: Limits on employers’ ability to monitor private communications

The Grand Chamber of the European Court of Human Rights’ (ECtHR) ruling in Barbulescu v Romania (61496/08) is a timely reminder of the limits of employers’ ability to monitor their employees’ private activity on work IT systems. The case concerned an employee’s personal use of a Yahoo Messenger account set up at the employer’s request … Read more

Council of the EU publishes Progress Report on draft EU ePrivacy Regulation

Last month the Council of the European Union published its progress report on the first draft of the ePrivacy Regulation (the “Draft Regulation”). The Draft Regulation was issued by the EC in January of this year and focuses on the processing of personal data and protection of privacy in electronic communications. Read more

EU – US Privacy Shield adequacy decision incorporated into the EEA Agreement

On 12 July 2016 the European Commission adopted an “adequacy decision” allowing for the transatlantic transfer of personal data from the EU to the US in accordance with the framework and principles of the EU-US Privacy Shield (the “Privacy Shield”). This new framework was established following the previous transfer mechanism, the US Safe Harbour, being … Read more

Liberty granted rights to challenge the Snoopers’ Charter

The Investigatory Powers Act 2016 (the “Act“) received Royal Assent on 29 November 2016. Dubbed the “Snoopers’ Charter” it has been heavily criticised by various commentators, including the advocacy group Liberty. The main source of criticism has been around the requirements for bulk retention of data (such as communications data and internet connection records) and … Read more

EU Council publishes Progress Report on draft EU ePrivacy Regulation

On 15 May 2017, the Council of the European Union published its progress report (the “Report“) on the first draft of the ePrivacy Regulation (the “Draft Regulation“). The Draft Regulation focuses on the processing of personal data and protection of privacy in electronic communications. Among other areas, it covers direct marketing, cookies and other forms … Read more

Driverless cars, drones and DNA: How to build trust in the data age

‘Trust and transparency’ is the theme of this year’s Privacy Awareness Week (15-19 May 2017). This is an annual event held since 2006 to raise awareness across the Asia-Pacific region of the importance of protecting personal information. While ‘trust’ and ‘transparency’ may sound like fuzzy concepts, particularly in a legal context, they are increasingly underpinning … Read more