As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading
By Dan Cooper and Rosie Klement On April 2, 2017, the Information Commissioner’s Office (“ICO”) released a consultation paper for UK organizations to comment on how the new profiling provisions under the General Data Protection Regulation (“GDPR”) could be interpreted and applied when the GDPR comes into force in May 2018. The public consultation on … Continue Reading
The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls. The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in relation to “free” solar panels, recklessly … Continue Reading
The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system. The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading
The UK Supreme Court has granted Google the right to appeal part of the English and Welsh Court of Appeal’s notable ruling in Google Inc. v. Vidal-Hall & Ors [2015] EWCA Civ 311. Our previous blog highlighted the facts of the case (brought by Internet users against Google’s ad-tracking practices) and the significant consequences of … Continue Reading
Dan Cooper and Phil Bradley-Schmieg On March 27, 2015, the England and Wales Court of Appeal (EWCA) handed down a historic judgment in Google Inc v. Vidal-Hall & Ors [2015] EWCA Civ 311, with significant consequences for organizations handling personal data in, or from, the UK. This case was brought against Google Inc. by three … Continue Reading
Please note that this event, originally scheduled for December 10, is being rescheduled for February 2015 – date TBC Covington’s London office will be hosting a breakfast seminar for clients on ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’ with The Chertoff Group.… Continue Reading
By Phil Bradley-Schmieg The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance … Continue Reading
By Tom Jackson and Phil Bradley-Schmieg A cross-party group of UK Members of Parliament (“MPs”) is seeking to amend the UK’s ‘freedom of information’ regime under the Freedom of Information Act 2000 (“FOIA”) to also cover current and prospective private sector suppliers to the National Health Service (“NHS”) in England and Wales. The Freedom of … Continue Reading
By Dan Cooper, Helena Marttila & Fredericka Argent Following the 2011 News International phone-hacking scandal, the UK government commissioned an in-depth inquiry into the accusations made against the British press to be conducted by Lord Justice Leveson. The “Leveson Inquiry” was a full-scale investigation, which culminated in an approximately 2000-page report published in November 2012. The … Continue Reading
By Bonnie Drury and Ezra Steinhardt The Information Commissioner’s Office (ICO) has produced new guidance on “IT asset disposal for organisations” to help data controllers understand their responsibilities relating to the destruction and disposal of electronic equipment. The guidance, which addresses one of the areas where organizations are most frequently fined under the UK Data … Continue Reading
By Bonnie Drury and Ezra Steinhardt On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR). The fine penalized Tetrus for sending millions of unsolicited text messages … Continue Reading
By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks. Besides providing an overview of the existing legal frameworks to address terrorists’ use of the … Continue Reading
The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format. The UK Government (UKG) would prefer that the data be supplied at no cost and … Continue Reading
On May 25, 2012, the UK’s data protection authority, the ICO, issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011). As we have reported here and here, when the rules were first introduced in May 2011, the ICO granted UK website operators a “honeymoon” period of 12-months … Continue Reading
On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May. The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was … Continue Reading
By Dan Cooper and Maria-Martina Yalamova An amendment to a discussion tabled in the House of Lords relating to the Protection of Freedoms Bill 2010 – 2011 has called for the creation of a dedicated Privacy Commissioner. The proposed establishment of a single Privacy Commissioner seeks to correct the existing proliferation of UK commissioners with … Continue Reading
On 4 August, 2011, the Cabinet Office of the UK Government opened a new public consultation on disclosure and access to public sector data. The consultation, which seeks to “establish a culture of openness” in the public sector, comes soon after a statement from the ICO suggesting that public sector organisations should respond to Freedom of … Continue Reading
On July 19, 2011, the European Commission announced that it sent formal requests for further information to 20 Member States regarding their failure to implement the EU’s new package of telecoms rules. The rules, which include amendments to the E-Privacy Directive to create new consent requirements for the use of most web cookies, were required to … Continue Reading
Late yesterday the UK ICO issued a new press release and guidance on its plans to enforce the new UK “cookie regulation,” which was enacted by the UK Government to implement the EU’s e-Privacy Directive. The new release, which follows previous ICO guidance outlining how businesses might comply with the new rules (see my previous post), declared that the ICO … Continue Reading
Following its vague warning on cookies in March, and confirmation last month that the UK would adopt the amended EU rules on cookies verbatim, the UK ICO has now issued new guidance that makes it clear that websites must obtain users’ consent before storing cookies on devices. The guidance, which relates to amendments to the UK … Continue Reading
Smartphone Location Data Last week two UK-based researchers revealed that Apple iPhones record location-based data in an unencrypted file stored on each phone. The information, gleaned from WiFi routers and cellular towers within the phone’s signal range, has been collected without the knowledge of the phones’ owners, and would allow Apple to track each phone’s … Continue Reading
This past week, the United Kingdom Minister of State for Immigration, Damian Green, announced that the UK will join the Eurodac fingerprint database, a large centralized database containing the fingerprint data of asylum seekers and illegal border crossers who are found within EU territory. Accordng to Green, the move will assist Europe in streamlining its … Continue Reading
The Office of Fair Trading, the UK’s answer to the FTC, has established its position on paid-for plugging on social media websites. According to an announcement issued last month by the OFT relating to an enforcement action pursued against a small UK media firm, online advertising and marketing that fails to disclose that it contains paid-for promotions … Continue Reading
