Insights on outsourcing and other lessons from a data breach – the UK FCA perspective

On 13 October 2023, the UK FCA published its Final Notice to Equifax Ltd, the UK subsidiary of US company Equifax Inc, in relation to a major 2017 data breach which affected over 13.7 million UK consumers. The FCA determined that Equifax Ltd had breached Principles 3, 6 and 7 of its Principles and imposed a fine of over £11m. The firm agreed to resolve the matter and so qualified for a 30% discount for early settlement. The FCA's Final Notice helps to explain the rationale behind the UK regulatory authorities developing and enhancing the operational resilience regime in 2019. It also highlights some particular pitfalls in managing intra-group outsourcings effectively.

A cautious approach: What does the EU-US adequacy decision actually mean for international data transfers?

On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-US Data Privacy Framework (“DPF”), finding that data transfers from Europe to the US pursuant to the DPF would benefit from an adequate level of data protection. The adoption of the adequacy decision provides some much-needed certainty around EU-US international data …

Talking Shop: A consumer sector podcast series – EP7: AI booms – whilst regulation looms

Peggy Chow, Kaman Tsoi, Duc Tran and Claire Wiseman join Aoife Xuereb to discuss the increasing use of AI in consumer sector digital marketing strategies. Analysing customer data to personalise content and target advertising according to purchasing behaviour and demographic information has become commonplace, along with the use of tools such as chatbots to automate customer …

May Data Wrap: A snapshot of key regulatory developments

On 22 May 2023, following the adoption of a binding decision by the EDPB, the Irish Data Protection Commissioner (“DPC”) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed Meta to suspend its transfers …

FOLLOWING META, WHAT NEXT FOR INTERNATIONAL DATA TRANSFERS?

On 22 May 2023, following the adoption of a binding decision by the European Data Protection Board (the “EDPB”), the Irish Data Protection Commissioner (“DPC”) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed …

TikTok’s misuse of children’s data results in £12.7 million ICO fine

The UK’s Information Commissioner’s Office (“ICO”) has fined TikTok Information Technologies UK Limited and TikTok Inc (“TikTok”) £12.7 million for breaching the UK GDPR, in particular for failing to protect children’s privacy. The ICO had previously issued a notice of intent to fine TikTok £27 million for various data protection law breaches between May …

Transfer Impact Assessments – divergence between EDPB and ICO approaches

Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA”) or the EU SCCs in combination with the UK …