The UK Government has issued a “call for views” on the current level of physical, technical and organizational security provided by data center operators (i.e. colocation service providers, not businesses that operate their own data centers) and cloud service providers (including providers of infrastructure-as-a-service, platform-as-a-service, and managed services). The Government intends to use

On Thursday, April 20th, the UK government launched a “Call for Views” regarding the UK’s options for the implementation of the new EU General Data Protection Regulation (GDPR) at national level.  The consultation deadline is May 10th, at mid-day UK time.

Although the GDPR was an effort to bring greater harmonization to data protection regimes throughout the EU, it nevertheless contains a number of areas in which national laws can deviate from its default position – for instance to permit researchers to store and use health data without having to repeatedly seek consents, or to ensure that freedom of expression is not unfairly curtailed by the “right to be forgotten.”
Continue Reading UK Starts 3-Week Consultation on GDPR Implementation

By Fredericka Argent and Helena Marttila-Bridge

On 21 February 2013, the ICO launched a consultation on its proposal for a new code of practice regulating the press in the UK.  The consultation is in response to the publication of the Leveson Report in November 2012, which recommended significant and wide-ranging changes to the structure and regulation of news reporting in the UK.  As we blogged here, the ICO responded to the Leveson Report with comments on the role of the Data Protection Act 1998 (the “DPA”) in regulating the press and promises to issue new press guidance.

The ICO has made clear that the code of practice is not intended to create any new legally binding obligations. Rather, the proposed code will lay down guidance on the application of section 32 of the DPA, which provides an exemption from compliance with certain data protection principles where personal data is processed, among other things, with a view to the publication of journalistic material in the public interest (the so-called “special purposes” exemption).  Although the precise content of the code of practice is a work-in-progress, the ICO has proposed to cover at least the following topics:

Continue Reading UK’s Information Commissioner’s Office Issues Consultation on Data Protection and the Press

On 4 September, 2012, the Cayman Islands’ Data Protection Working Group (DPWG) released a consultation paper, inviting comments from the public on the draft Cayman Islands Data Protection Bill 2012. The Bill, which is modelled on the European Framework Data Protection Directive 95/46/EC, aims to protect individuals’ rights regarding the collection and use of personal

The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format.  The UK Government (UKG) would prefer that the data be supplied at no cost and may also allow certain categories of small businesses to make such requests.  An existing enforcement body — possibly the Information Commissioner’s Office or a consumer protection body — is likely to be responsible for enforcing the proposed new requirement.

The consultation document explains that the proposed new requirement would offer a more targeted approach towards access to personal data than is currently available under the UK Data Protection Act 1998.  The requirement would:

  • only relate to transaction data regarding a consumer’s purchase/consumption of products and services from that supplier;
  • only cover factual information, for example what a consumer bought, where they bought it, and how much they paid for it;
  • not cover any subsequent analysis that the data holder has undertaken on the information; and
  • only apply to businesses that already hold this information electronically.  Businesses would not be required to collect any new information and existing information would only have to be released if requested by consumers. 

Following the European Commission’s proposals to reform the EU Data Protection Framework (see here and here), which also included a controversial data portability element, industry is likely to pay close attention to this UK initiative.

The closing date to respond to the consultation is 10 September 2012.  Interested parties may also join Open Forums discussing the consultation at the BIS Offices on August 9 (3-5pm), 16 (3.30-5.30pm) and 23 (3-5pm) by contacting midata@bis.gsi.gov.uk.

Continue Reading UK Government Launches Consultation on New Data Portability Requirement

On 12 July, 2012, the Justice Select Committee, the body tasked by the UK Parliament’s European Scrutiny Committee to give its opinion on the EU Commission’s proposals to reform EU data protection laws, launched a call for written evidence on the following questions: 

  • Will the proposed Regulation strike the right balance between the need, on