ICO bolsters data protection rights for children in the digital world with the introduction of a new Age Appropriate Design Code

24 January 2020

Following a lengthy consultation process, the Information Commissioner’s Office has this month published the draft Age Appropriate Design Code (the Code). The Code, which is designed to be read alongside the existing provisions of the GDPR, and the Data Protection Act 2018, is intended to bolster the standards online services should meet to protect children’s […]

Read more

Data Export – preliminary opinion in CJEU on Schrems v FaceBook II looks positive for standard contract clauses

7 January 2020

Readers of these posts will be familiar with the ban, under Chapter V of GDPR, on exporting personal data outside the EEA except to approved third countries, or where other safeguards are put in place. One of those safeguards is a set of European Commission approved contract clauses that can be put in place between […]

Read more

€14M fine for German property company not deleting old personal data

7 November 2019

German property company Deutsche Wohnen SE has been fined €14.4 Million for breaches of GDPR by the Berlin data supervisory authority in Germany.  This is reported to represent 2% of the company’s global turnover, so is only half the maximum fine that could have been imposed under GDPR. It’s worth noting that this time the […]

Read more

ICO proposes £184M fine for British Airways in first major GDPR sanction

8 July 2019

The Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, today announced that it has provisionally determined that British Airways (BA) must pay a substantive fine for breach of the GDPR, in relation to a data breach that BA suffered in June 2018.  The reports state that the incident in part involved user traffic […]

Read more

Danish furniture company fined for deletion failure

25 June 2019

The Danish Data Protection Agency (DPA) has recommended a fine of 1.5 million Danish kroner (approx. £180,000) for a furniture company that failed to delete the data of about 385,000 customers. The company in question, IDdesign, had been the subject of a supervisory visit by the DPA in autumn 2018. Prior to the visit, IDdesign […]

Read more

GDPR: One year on

24 May 2019

The GDPR has been in force for almost a year and it has been reported that the Information Commissioner’s Office anticipates that a large fine in the United Kingdom is just a few weeks away. The European Data Protection Board (EDPB) has reported that the various European supervisory authorities have received 144,000 queries and complaints, […]

Read more

UPDATE: Facebook €10M fine in Italy

14 December 2018

On 29 November 2018 the Italian Competition Authority (ICA) handed Facebook a fine of EUR 10m for misleading consumers and breaching Italian consumer and data protection laws. Interestingly the scope of the investigation was initially aimed at unfair commercial practices adopted by Facebook, but in handing down the fine the ICA noted numerous breaches of […]

Read more