Blog

Facebook’s cryptocurrency Libra under scrutiny amid concerns of ‘data handling practices’

It would be giving the burgeoning cryptocurrency Libra short shrift to call it ambitious. Its aims as stated in the Libra Association’s white paper are lofty even by the rhetorical standards of Silicon Valley. If defining Libra as ‘the internet of money’ isn’t enough to convince you of the level of its aspiration, the paper…
Read more

Framework for EU-US data flows under scrutiny as ‘Schrems II’ case takes place at the CJEU

For those unfamiliar with the Schrems saga, a brief catch-up may be required. The original case, now known as ‘Schrems I,’ involved an Austrian activist, Max Schrems, filing a complaint with the Irish Data Protection Agency against Facebook. The complaint was that Facebook had allowed US authorities to access his personal data on social media…
Read more

Two high-profile GDPR fines for British Airways and Marriott International, Inc

The Information Commissioner’s Office (ICO) has released two statements this week declaring intention to fine British Airways and Marriott International, Inc £183.39m and £99m respectively for breaches of the General Data Protection Regulation (GDPR). In both cases, which affect data subjects from countries across the world, the ICO was the lead supervisory authority acting on…
Read more

University data protection policies under scrutiny as report finds threats of cyber attacks

A report published by the Higher Education Policy Institute and conducted by Jisc, a digital infrastructure provider for HE, has emphasised the expanding risks of cyberattacks among UK universities and academic institutions in general. Last year saw an increase (17%) in attacks and breaches from the year before, and the trend is likely to continue.…
Read more

European Commission reports awareness throughout Europe of data rights and data protection

The Special Eurobarometer 487a report on GDPR conducted by survey and data insight consultancy Kantar at the request of the European Commission has been published this month. Where relevant, the report’s findings are compared to findings from the Special Eurobarometer 431 on Data Protection conducted in 2015. The salient finding is that two-thirds of Europeans…
Read more

Belgian Data Protection Authority’s first GDPR fine imposed on public official 

The Belgian DPA delivered a strong message on 28th May 2019, that data protection is “everyone’s concern” and everyone’s responsibility, by premiering the GDPR’s sanctioning provision in Belgium with a fine of €2,000 imposed on a mayor (‘bourgmestre’) for the illegal utilisation of personal data.  Purpose Limitation was Breached  The mayor in question used personal data obtained for the purposes of…
Read more

Personal Data Protection Act (PDPA) comes into effect in Thailand after royal endorsement

On 27th May, the Kingdom of Thailand’s first personal data protection law was published in the Government Gazette and made official. This comes three months after the National Legislative Assembly passed the Personal Data Protection Act in late February and submitted the act for royal endorsement.  While the law is now technically in effect Its main ‘operative provisions’…
Read more

GDPR’s 1st Birthday

General Data Protection Regulation reaches its first birthday This blogpost arrives as the General Data Protection Regulation (GDPR) reaches its first birthday, and a week after a report from the Washington-based Center for Data Innovation (CDI) suggested amendments to the GDPR. The report argues that regulatory relaxations would help foster Europe’s ‘Algorithmic Economy,’ purporting that GDPR’s restrictions of data…
Read more

What is a Data Protection Officer (DPO), and do you need one?

A DPO (Data Protection Officer) is an individual responsible for ensuring that their organisation is processing the data of its staff, customers, providers and any other individuals, i.e. data subjects, in compliance with data protection regulations. As of the EU-wide General Data Protection Regulation (GDPR), a DPO is mandatory for: Public authorities; and Organisations that…
Read more

HMRC’s 28 days to delete unlawfully obtained biometric data

In a statement released on 3rd May, the Information Commissioner’s Office reiterated their decision to issue HMRC a preliminary enforcement notice in early April. This initial notice was based on an investigation conducted by the ICO after a complaint from Big Brother Watch concerning HMRC’s Voice ID service on a number of the department’s helplines since January 2017. HMRC did not…
Read more