Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United Kingdom

Subscribe to United Kingdom RSS Feed

UK Data Protection Regulator Surveys Use of Smart Medical Devices

Posted in European Union, International, United Kingdom

By Phil Bradley-Schmieg The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance… Continue Reading

UK Parliamentarians Seek FOI Changes To Force Private Sector Suppliers To Disclose NHS Contract Details

Posted in European Union, International, United Kingdom

By Tom Jackson and Phil Bradley-Schmieg A cross-party group of UK Members of Parliament (“MPs”) is seeking to amend the UK’s ‘freedom of information’ regime under the Freedom of Information Act 2000 (“FOIA”) to also cover current and prospective private sector suppliers to the National Health Service (“NHS”) in England and Wales. The Freedom of… Continue Reading

ICO Releases Concrete Guidance on Privacy Requirements When Recording Video with Drones

Posted in International, United Kingdom

On October 15, 2014, the UK Information Commissioner’s Office (ICO) published an updated code of practice for surveillance cameras.  Among other topics, the ICO uses the Code to begin to address privacy practices for drones.  Drones are not new, but two factors are now making questions about drones and privacy practices more pressing.  First, many… Continue Reading

Updating Ofcom’s Guidance on Network Security – New Consultation

Posted in Cybersecurity, European Union, United Kingdom

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on the responses received, Ofcom intends… Continue Reading

European Regulators and the Eternal Cookie Debate

Posted in Advertising & Marketing, European Union, International, Online, Privacy Policies, United Kingdom

By Dan Cooper, Mark Young and Maria-Martina Yalamova This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website… Continue Reading

The ICO Publishes New Guidance on Direct Marketing

Posted in Advertising & Marketing, United Kingdom

By Helena Marttila-Bridge and Colin Warriner On 10 September 2013, the UK’s Information Commissioner (ICO) released new guidance on direct marketing.  The paper canvasses the marketing rules found in the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, with the aim of helping companies to comply with the law… Continue Reading

ICO Issues Fine of £90,000 for Breach of PECR

Posted in United Kingdom

By Oliver Grazebrook and Ezra Steinhardt On 20 March 2013, the UK Information Commissioner’s Office (ICO) announced that it had issued a fine of £90,000 against DM Design, a Glasgow-based kitchen and bedroom fitting company, for breaching the Privacy and Electronic Communications Regulations (PECR) by making thousands of unwanted direct marketing calls.  This fine, made two years… Continue Reading

New ICO Guidance Offers Employers Practical Advice on Implementing Safer “Bring Your Own Device” Policies

Posted in Data Security, International, United Kingdom

On 7 March 2013, the UK Information Commissioner’s Office (ICO) issued new guidance on the use of personal devices for business purposes. The guidance is largely informed by a survey commissioned by the ICO and carried out by the market research firm YouGov. According to the survey, 47% of adults in the UK use personal… Continue Reading

UK’s Information Commissioner’s Office Issues Consultation on Data Protection and the Press

Posted in United Kingdom

By Fredericka Argent and Helena Marttila-Bridge On 21 February 2013, the ICO launched a consultation on its proposal for a new code of practice regulating the press in the UK.  The consultation is in response to the publication of the Leveson Report in November 2012, which recommended significant and wide-ranging changes to the structure and… Continue Reading

ICO fines Sony £250,000 following the 2011 Playstation Network Platform data breach

Posted in Cybersecurity, Data Breaches, Data Security, European Union, International, United Kingdom

On 24 January 2013, the UK Information Commissioner’s Office (ICO) announced that Sony Computer Entertainment Europe Limited (Sony) would be fined £250,000 following a data breach of the Playstation Network.  The breach occurred in 2011 when hackers accessed the personal details of “millions” of Playstation Network customers, including names, dates of birth, passwords, and other… Continue Reading

The ICO Responds to the Leveson Report

Posted in European Union, International, United Kingdom

By Dan Cooper, Helena Marttila & Fredericka Argent Following the 2011 News International phone-hacking scandal, the UK government commissioned an in-depth inquiry into the accusations made against the British press to be conducted by Lord Justice Leveson.  The “Leveson Inquiry” was a full-scale investigation, which culminated in an approximately 2000-page report published in November 2012.  The… Continue Reading

ICO Releases New Guidance on Destruction of Electronic Equipment

Posted in Data Security, European Union, International, United Kingdom

By Bonnie Drury and Ezra Steinhardt The Information Commissioner’s Office (ICO) has produced new guidance on “IT asset disposal for organisations” to help data controllers understand their responsibilities relating to the destruction and disposal of electronic equipment.  The guidance, which addresses one of the areas where organizations are most frequently fined under the UK Data… Continue Reading

ICO issues £440,000 fine to telecoms company for illegal direct marketing

Posted in Advertising & Marketing, International, United Kingdom

By Bonnie Drury and Ezra Steinhardt On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR).  The fine penalized Tetrus for sending millions of unsolicited text messages… Continue Reading

UN Report Calls for Mandatory Data Retention

Posted in International, United Kingdom, United States

By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks.  Besides providing an overview of the existing legal frameworks to address terrorists’ use of the… Continue Reading

ICO Issues New £250,000 Fine to Scottish Local Government Body

Posted in Data Security, United Kingdom

On 11 September 2012, the UK Information Commissioner’s Office (ICO) announced that it had fined the Scottish Borders Council £250,000 under the Data Protection Act 1998 (the DPA) following the discovery of a former Council employee’s pension records in a supermarket’s car park paper recycling bank. The document was one of at least 676 files… Continue Reading

UK Government Launches Consultation on New Data Portability Requirement

Posted in International, United Kingdom

The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format.  The UK Government (UKG) would prefer that the data be supplied at no cost and… Continue Reading

Google Contacts ICO Stating That It Still Holds Some Street View Payload Data

Posted in European Union, International, United Kingdom

In a surprise turn of events, Google has written today to the UK data protection authority (the “ICO”) and other regulators around the world stating that it still possesses some of the payload data collected by its Street View vehicles in 2010.  This follows the ICO re-opening its probe into Google’s Street View activity last… Continue Reading

UK Parliament Committees Open Consultations on Proposed Data Protection Regulation and Proposed Communications Data Bill

Posted in European Union, International, United Kingdom

On 12 July, 2012, the Justice Select Committee, the body tasked by the UK Parliament’s European Scrutiny Committee to give its opinion on the EU Commission’s proposals to reform EU data protection laws, launched a call for written evidence on the following questions:  Will the proposed Regulation strike the right balance between the need, on… Continue Reading

UK ICO Publishes Further Cookie Guidance Accepting Implied Consent

Posted in European Union, United Kingdom

On May 25, 2012, the UK’s data protection authority, the ICO, issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011).  As we have reported here and here, when the rules were first introduced in May 2011, the ICO granted UK website operators a “honeymoon” period of 12-months… Continue Reading

UK Government prepares new legislative proposal to modernise communications data monitoring law

Posted in International, United Kingdom

On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May.  The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was… Continue Reading

European Mobile Operators Agree to App Privacy Guidelines

Posted in European Union, International, Mobile, Privacy Policies, United Kingdom

This week, the U.K.-based GSM Association unveiled voluntary app privacy guidelines, which are being implemented by several major European mobile telephone service operators for their own branded applications.  According to the GSM Association, the companies adopting these guidelines includes Deutsche Telekom, France Telecom – Orange, Telecom Italia, Telefónica, and Vodafone.  This development  follows last week’s announcement of an agreement by Amazon, Apple, Google, Hewlett-Packard, Microsoft,… Continue Reading

UK ICO Issues Updated Guidance on the Rules on Use of Cookies and Similar Technologies

Posted in European Union, United Kingdom

By Dan Cooper and Maria-Martina Yalamova On December 13, 2011, the UK data protection authority (the “ICO”) issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011) implemented as part of the review of the EU e-Privacy Directive.  The guidance is intended to help website operators and those… Continue Reading

House of Lords Calls for a Privacy Commissioner

Posted in United Kingdom

By Dan Cooper and Maria-Martina Yalamova An amendment to a discussion tabled in the House of Lords relating to the Protection of Freedoms Bill 2010 – 2011 has called for the creation of a dedicated Privacy Commissioner. The proposed establishment of a single Privacy Commissioner seeks to correct the existing proliferation of UK commissioners with… Continue Reading