Brexit and Data Protection

7 December 2018

In amongst all the uncertainties of Brexit, the good (or bad, depending on your outlook) news is that GDPR will definitely still apply in UK, as part of our domestic law, for the foreseeable future, whatever happens.

Read more

High Court blocks £1-3bn data protection claims against Google

7 December 2018

Leigh Callaway and Gerald Brent of Fladgate’s disputes team review a recent UK Court decision which threw out a civil “representative action” claim against Google, brought under the old Data Protection Act 1998.

Read more

Jingle Regulation

7 December 2018

The UK’s data protection enforcement body, the ICO, has published an article on “Sleigh-ing the Christmas GDPR myths”.  As they say, the last thing they want is Santa to be reported to the IC-Ho-Ho-Ho! So the article sets the record straight on some pretty crazy “rules” that have been blamed on GDPR, such as: Children […]

Read more

Marriott Hotels breach – UK regulators involved

30 November 2018

UK data protection regulator the ICO has confirmed that it has received notification from Marriott Hotels regarding the widely reported hack (said to involve 500M consumers) involving the Starwood reservation system. The ICO says only that it is ‘making enquiries’.

Read more

Uber fined £385,000 following mass data breach

29 November 2018

The UK Information Commissioner’s Office (ICO) has issued a fine against Uber for £385,000 for failing to protect customers’ personal information during a cyber attack in 2016, that compromised the data of millions of customers and tens of thousands of drivers. The ICO has reported that data security flaws allowed the personal details of about […]

Read more

ICO enforces GDPR against Canadian company

28 November 2018

In one of the first enforcement steps it took under GDPR, the ICO issued an order in October against a Canadian company, AggregateIQ Data Services (ADS), which required it to delete all personal data held by it on UK residents.  The order was issued in the context of the ICO’s ongoing action in relation to […]

Read more

Brexit update

16 November 2018

The draft EU withdrawal agreement published on 17 November will (in the –possibly unlikely – event of UK Parliament ratification) preserve the status quo during the Transitional Period (which runs to 2020), during which time there will be negotiation of a longer term arrangement.

Read more

Prison sentence for rogue employee

16 November 2018

A rogue employee has received a six month prison sentence, using powers under the UK’s Computer Misuse Act 1990.   This is the first time that the ICO has used this legislation, and it is noteworthy that the penalty is against the individual, not his employer.  The case involved a car repair garage employee accessing a […]

Read more

ICO penalty for spam overturned

29 October 2018

A fine imposed by the ICO on a company accused of sending millions of unsolicited emails was overturned last month by the Appeal Tribunal[1]. The ICO had initially issued the fine against Xerpla Ltd, for a breach of regulation 22 of the Privacy and Electronic Communications Regulations (PECR) against unsolicited communications. In brief, this regulation […]

Read more

Personal data: a global commodity subject to regional rules

14 September 2018

The introduction within the EU of the General Data Protection Regulation (GDPR) led to frantic scrambles in the EU to achieve compliance. Such behaviour is understandable, given how easily a complaint may be made to a supervisory authority about organisations which allegedly breach data protection rules: in Britain, the Information Commissioner’s Office (ICO) has provided […]

Read more