GDPR fines can contemplate parent group turnover: The story behind the WhatsApp fine

Summary The DPC has fined WhatsApp, an instant messaging app owned by Facebook, €225 million in relation to an investigation into its compliance with transparency obligations under the GDPR. Following intervention from the EDPB, the proposed fine was increased from €30 – €50 million up to €225 million by taking into account the turnover of … Read more

European Commission publishes final Article 28 clauses

Simultaneous with the European Commission publishing its final standard contractual clauses for the international transfer of personal data (see our blog post here for further information) (the “New SCCs“), they have now published a final set of standalone Article 28 clauses for use between controllers and processors in the EU, also termed ‘standard contractual clauses’ … Read more

ICO PUBLISHES CALL FOR VIEWS ON ANONYMISATION GUIDANCE

Background On 28 May 2021, the Information Commissioner’s Office (“ICO“) published a call for views on the first draft chapter of its anonymisation, pseudonymisation and privacy enhancing technologies draft guidance). This first chapter is part of a series of chapters of guidance that the ICO will be publishing on anonymisation and pseudonymisation and their role … Read more

European Commission publishes final Standard Contractual Clauses

Seven months after the European Commission published its draft new Standard Contractual Clauses for data transfers between EU and non-EU countries (the “Draft SCCs“) for consultation (see our blog post here (the “Draft SCCs Blog“)), they have now published a finalised set of Standard Contractual Clauses (“Final SCCs“) with little fanfare (available here). It should … Read more

ICO PUBLISHES NEW DATA SHARING CODE OF PRACTICE

Executive Summary On 17 December 2020, the Information Commissioner’s Office (“ICO”) published a new Data Sharing Code of Practice (the “Code”). As nearly ten years have passed since the implementation of the previous data sharing code published by the ICO, the new Code has been updated to reflect key changes in data protection laws and … Read more

Happy International Data Privacy Day: Our predictions for 2021

Happy International Data Privacy Day! And what better day than today, to explore what 2021 is likely to have in store for data and privacy? Almost three years after the EU General Data Protection Regulation (GDPR) came into force, and now 28 days since the UK GDPR replaced it in the UK following Brexit, data … Read more

ENSURING COMPLIANCE WITH ELECTRONIC MARKETING RULES: A CLOSER LOOK AT SOFT OPT-IN CONSENT

The ICO’s recent decision to take enforcement action against a number of organisations (both in the form of investigations and regulatory fines) for sending unsolicited email and text based electronic marketing communications to individuals should serve to prompt organisations to take stock of the ways in which they promote their products and services using electronic … Read more