On 18 February 2019, the Information Commissioner’s Office (the “ICO“) and the Financial Conduct Authority (the “FCA“) published a new Memorandum of Understanding (“MoU“) between them. This will no doubt be of interest to any business regulated by the FCA and while it is good news that regulators will be co-operating in the exercise of their functions, the MoU does not remove the risk for such businesses that they could, in the event of any data protection breach, face parallel investigation and enforcement action from more than one regulator, both with very significant sanctioning powers.
We have set out below a high-level overview of the MoU, the conduct of investigation and enforcement and the legal basis on which information can flow between the two regulators – paving the way for further joined-up regulatory thinking in the wake of the GDPR. Continue reading
The revelations surrounding Cambridge Analytica’s use of personal data and involvement with the Vote Leave campaign raised serious questions about the use of personal data in the EU referendum campaign and more widely by technology companies in general.
The subsequent investigation by the Digital, Culture, Media and Sport Select Committee (the “DCMS Select Committee“) has drawn attention to the activities of technology companies and the widespread use of digital personal data in political campaigning. It has been the catalyst for multiple investigations into a range of issues, including the extent to which electoral law is fit for purpose, the use of data analytics in political campaigns and policy recommendations concerning personal information and political influence.
The DCMS Select Committee published its final report (the “Report“) on 18 February 2019 (available here). Continue reading