UK Data Protection Act

The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds.  This is the highest fine issued by the ICO to date.
Continue Reading Company Receives Record Fine from UK Regulator For Cold Calling

The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls.  The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in relation to “free” solar panels, recklessly contravened UK regulations, and fined the company £200,000.
Continue Reading UK ICO Issues Largest Ever Fine In Connection With Automated Marketing Calls

The UK Supreme Court has granted Google the right to appeal part of the English and Welsh Court of Appeal’s notable ruling in Google Inc. v. Vidal-Hall & Ors [2015] EWCA Civ 311.

Our previous blog highlighted the facts of the case (brought by Internet users against Google’s ad-tracking practices) and the significant consequences

Dan Cooper and Phil Bradley-Schmieg

On March 27, 2015, the England and Wales Court of Appeal (EWCA) handed down a historic judgment in Google Inc v. Vidal-Hall & Ors [2015] EWCA Civ 311, with significant consequences for organizations handling personal data in, or from, the UK.

This case was brought against Google Inc. by three users of Apple’s Safari web browser.  They argued that over a period of nine months, Google’s DoubleClick and AdSense services secretly tracked their visits to all websites that used Google AdSense to serve advertising, contrary to Google’s public assurances that users who maintained Safari’s default privacy settings would not be tracked or profiled by DoubleClick, or receive personalized advertising.  This, they allege, allowed Google to wrongfully build up a detailed picture of their browsing history from which it could deduce their interests and personal characteristics, and thus serve personalized adverts.  Similar cases have been brought against Google in the United States, leading to a US$22.5 million U.S. Federal Trade Commission fine and a US$17 million settlement with state attorneys general.
Continue Reading English Court of Appeal Decision Significantly Expands UK Privacy Law

By Fredericka Argent

The UK’s Information Commissioner’s Office (ICO) has announced that it is looking to introduce a system of “privacy seals” for organizations doing business in the UK.  The seal is intended to be a consumer-facing stamp of approval demonstrating that a particular organization is meeting or surpassing the compliance requirements of the UK’s Data Protection Act.  The ICO expects that this will provide numerous benefits, both for companies, who could gain an advantage over competitors, and for customers, who should feel confident entrusting their personal information to companies displaying the seal.  It is hoped that the privacy seal will incentivize good data protection practices across UK businesses.

The privacy seals themselves will be delivered by third party operators who are endorsed by and work with the ICO.  It is expected that different operators will focus on different sectors, meaning that accreditation schemes can be tailored to particular industries.  For example, an operator handling the privacy seals for mobile app companies may be different to the operator assigned to healthcare service providers.  A privacy seal will only be awarded to an organization once they have demonstrated that they meet the relevant data protection standards.
Continue Reading The UK’s Data Protection Regulator to Introduce “Privacy Seals” for Businesses