United Kingdom (UK)

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on

Continue Reading Updating Ofcom’s Guidance on Network Security – New Consultation

Only a few days after the leading parliamentary committee waved through the proposed amendments to the European Commission’s legislative proposal for a General Data Protection Regulation (see here and here), the EU Member States’ governments have decided to postpone the adoption of the Regulation to 2015.  Germany and the

Continue Reading European Council Taps the Breaks–Adoption of EU General Data Protection Regulation Delayed

By Dan Cooper & Fredericka Argent

Following the 2011 News International phone-hacking scandal, the UK government commissioned an in-depth inquiry into the accusations made against the British press to be conducted by Lord Justice Leveson.  The “Leveson Inquiry” was a full-scale investigation, which culminated in an approximately 2000-page report published in November 2012.  The report  recommends significant, wide-ranging changes to the structure and regulation of news media reporting in the UK, including changes to the UK’s Data Protection Act 1998 (the “DPA”) and the role of the UK’s data privacy regulator, the ICO.

On 7 January 2013, the ICO published a response to the Leveson report. The first half of the ICO’s response deals with Leveson’s recommendations concerning the ICO, including the suggestion that the ICO should improve its understanding of the data protection regime regarding the press. In its response, the ICO promises to issue numerous policies and guidance relating to the use of personal data by the press. These include, for example, the introduction of a new dedicated section on the ICO website providing the public with information on their data rights regarding the media, the publication of a Code of Practice to be observed by the press when processing personal data, and an Annual Report to Parliament which provides regular updates on the effectiveness of any ICO guidelines and other measures.Continue Reading The ICO Responds to the Leveson Report

The Information Commissioner’s Office (ICO) has produced new guidance on “IT asset disposal for organisations” to help data controllers understand their responsibilities relating to the destruction and disposal of electronic equipment.  The guidance, which addresses one of the areas where organizations are most frequently fined under the UK Data Protection
Continue Reading ICO Releases New Guidance on Destruction of Electronic Equipment

On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR).  The fine penalized Tetrus for sending millions of unsolicited text messages promoting
Continue Reading ICO issues £440,000 fine to telecoms company for illegal direct marketing

By Kurt Wimmer and Josephine Liu

The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks.  Besides providing an overview of the existing legal frameworks to address terrorists’ use of the Internet, the report highlights a number of challenges associated with investigating and prosecuting terrorism cases — and specifically notes that “[o]ne of the major problems confronting all law enforcement agencies is the lack of an internationally agreed framework for retention of data held by ISPs.”   

As the report notes, some countries already require ISPs to retain certain types of data for a specified time period.  But even in the European Union, where Directive 2006/24/EC requires Member States to ensure that regulated providers retain specified communications data for a period between six months and two years, there is no consistent data-retention period.  Some Member States require data to be retained for six months, others for two years.  In addition, several Member States continue to grapple with implementing the Directive, including Germany (where an attempt to implement it was struck down by the constitutional court). Continue Reading UN Report Calls for Mandatory Data Retention

The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format.  The UK Government (UKG) would prefer that the data be supplied at no cost and may also allow certain categories of small businesses to make such requests.  An existing enforcement body — possibly the Information Commissioner’s Office or a consumer protection body — is likely to be responsible for enforcing the proposed new requirement.

The consultation document explains that the proposed new requirement would offer a more targeted approach towards access to personal data than is currently available under the UK Data Protection Act 1998.  The requirement would:

  • only relate to transaction data regarding a consumer’s purchase/consumption of products and services from that supplier;
  • only cover factual information, for example what a consumer bought, where they bought it, and how much they paid for it;
  • not cover any subsequent analysis that the data holder has undertaken on the information; and
  • only apply to businesses that already hold this information electronically.  Businesses would not be required to collect any new information and existing information would only have to be released if requested by consumers. 

Following the European Commission’s proposals to reform the EU Data Protection Framework (see here and here), which also included a controversial data portability element, industry is likely to pay close attention to this UK initiative.

The closing date to respond to the consultation is 10 September 2012.  Interested parties may also join Open Forums discussing the consultation at the BIS Offices on August 9 (3-5pm), 16 (3.30-5.30pm) and 23 (3-5pm) by contacting midata@bis.gsi.gov.uk.Continue Reading UK Government Launches Consultation on New Data Portability Requirement

On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May.  The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was first announced (without detail) by the current Government in October 2010 in the Strategic Defence and Security Review.  The programme, which resembles a predecessor plan under the prior Labour Government named the “Interception Modernisation Programme”, is now known as the “Communications Capability Development Programme” (CCDP). Continue Reading UK Government prepares new legislative proposal to modernise communications data monitoring law

An amendment to a discussion tabled in the House of Lords relating to the Protection of Freedoms Bill 2010 – 2011 has called for the creation of a dedicated Privacy Commissioner.

The proposed establishment of a single Privacy Commissioner seeks to correct the existing proliferation of UK commissioners with strictly circumscribed powers and create an organization that is sufficiently flexible to navigate through the ever-changing technology and privacy policy landscapes.

If the Bill receives Royal Assent and becomes law, the new Commissioner will supersede the current UK Information Commissioner and reflect a more holistic approach of protecting individual privacy in all of its aspects rather than regulating personal data alone.Continue Reading House of Lords Calls for a Privacy Commissioner

On 4 August, 2011, the Cabinet Office of the UK Government opened a new public consultation on disclosure and access to public sector data.  The consultation, which seeks to “establish a culture of openness” in the public sector, comes soon after a statement from the ICO suggesting that public sector

Continue Reading UK Government Opens a New Consultation on Access to Public Data