Brexiting the GDPR: New draft UK data protection regulations introduced

8 January 2019

The government has recently published draft legislation to deal with the UK’s post-Brexit GDPR regime, namely “The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019”. The new legislation proposes to introduce an amended version of the GDPR (creatively titled “the UK GDPR”), the Privacy and Electronic Communications Regulations 2003 (PECR), and […]

Read more

First German GDPR penalty

21 December 2018

The European Data Protection Board is today reporting that the supervisory authority for Baden-Würrtemburg has imposed the first GDPR fine in Germany.  A social network company was fined €20,000 for a data breach in July 2018 involving a hack which exposed the email addresses and  unencrypted passwords of 330,000 users.  The fine was reduced in […]

Read more

UPDATE: Facebook €10M fine in Italy

14 December 2018

On 29 November 2018 the Italian Competition Authority (ICA) handed Facebook a fine of EUR 10m for misleading consumers and breaching Italian consumer and data protection laws. Interestingly the scope of the investigation was initially aimed at unfair commercial practices adopted by Facebook, but in handing down the fine the ICA noted numerous breaches of […]

Read more

E-receipt ads may break data laws

12 December 2018

It has been reported that several major retailers in the UK may be in breach of the GDPR when they sent promotional materials within their e-receipts. The GDPR is clear that data subjects must consent to direct marketing and must not receive any direct marketing if they object. The consumer group, Which?, carried out an […]

Read more

Facebook €10M fine in Italy

12 December 2018

Not a GDPR fine, but, according to press reports, Facebook has been fined €10M by the Italian consumer protection authority arising out of its use of subscriber’s data. The reports say that FB breached the Italian Consumer Code by misleading users about the commercial use of their data and not making it clear to users […]

Read more

Brexit and Data Protection

7 December 2018

In amongst all the uncertainties of Brexit, the good (or bad, depending on your outlook) news is that GDPR will definitely still apply in UK, as part of our domestic law, for the foreseeable future, whatever happens.

Read more

High Court blocks £1-3bn data protection claims against Google

7 December 2018

Leigh Callaway and Gerald Brent of Fladgate’s disputes team review a recent UK Court decision which threw out a civil “representative action” claim against Google, brought under the old Data Protection Act 1998.

Read more

Jingle Regulation

7 December 2018

The UK’s data protection enforcement body, the ICO, has published an article on “Sleigh-ing the Christmas GDPR myths”.  As they say, the last thing they want is Santa to be reported to the IC-Ho-Ho-Ho! So the article sets the record straight on some pretty crazy “rules” that have been blamed on GDPR, such as: Children […]

Read more

Marriott Hotels breach – UK regulators involved

30 November 2018

UK data protection regulator the ICO has confirmed that it has received notification from Marriott Hotels regarding the widely reported hack (said to involve 500M consumers) involving the Starwood reservation system. The ICO says only that it is ‘making enquiries’.

Read more

Uber fined £385,000 following mass data breach

29 November 2018

The UK Information Commissioner’s Office (ICO) has issued a fine against Uber for £385,000 for failing to protect customers’ personal information during a cyber attack in 2016, that compromised the data of millions of customers and tens of thousands of drivers. The ICO has reported that data security flaws allowed the personal details of about […]

Read more