compliance

ICCL Litigation Against Internet Giants

Irish Council for Civil Liberties Launch Major Litigation

The Irish Council for Civil Liberties (ICCL) said in a statement that online advertising amounts to “the Biggest. Data. Breach. Ever”, accusing internet adland of compiling “secret dossiers” on every single netizen. The ICCL is fronted by Johnny Ryan, ex-chief policy officer of the privacy-focussed web browser Brave. He said: “These secret dossiers about you – based on what you think is private – could prompt an algorithm to remove you from the shortlist for your dream job.


EU Vote on UK Adequacy Decision

EU Parliament votes on UK Adequacy Decision Today

This morning the European Parliament will debate the adequacy or otherwise of the protection of personal data provided by the United Kingdom’s data protection framework. This is the UK’s version of GDPR as contained within the Data Protection Act 2018 (DPA 2018). Two resolutions will then be put to the vote. Although we’ve come this far and we’re close, it isn’t a done deal.


Talks Intensify On Privacy Shield Replacement

EU and U.S. Data Flow Talks Cranked Up a Notch

As I reported back in July 2020 in a blog titled “CJEU Invalidates EU-US Privacy Shield Agreement”, the EU-U.S. Privacy Shield agreement, which allowed data to be transmitted out of the EU to participating US companies, was ruled invalid by the Court of Justice of the European Union (CJEU). On March 25th, 2021, the EU Commissioner for Justice and the U.S. Secretary of Commerce made a joint statement on the state of the negotiations to find a solution that would permit the flow of personal data to recommence.


UK Adequacy Decision Drafted

Post-Brexit EU-UK Adequacy Decision Has Been Drafted

Before you can transmit personal data from a European Union country to a country not within the EU or the European Economic Area—known as a third country—there has to be an adequacy decision made by the European Commission. The third country must have a framework in place that both provides data protection and upholds the rights of the data subjects as well as—or better than—the EU’s General Data Protection Regulation.


Facebook Operates Under Contract Not Consent

December 2020 Ruling in Favour of Facebook

The Viennese Superior Court (Oberlandesgericht Wien) ruled on December 29th 2020 that internet giant Facebook does not need to obtain consent from its users for the use of their data. That is, Facebook does not need to obtain consent under Article 6(1)(a) of the GDPR. This is because it is covered by the contract that exists between Facebook and its users, and the small print of its terms and conditions.


Complaint Filed Against Address Broker in Vienna

On Tuesday, My Privacy is None of Your Business (NOYB) filed a GDPR complaint against AZ Direct Österreich GmbH. They are an address broker—they sell personal data—based in Vienna. They refused to reveal where they get their data from and with whom it had been shared. They claimed they didn’t know because they didn’t bother recording it. It would have been “too burdensome”. A data subject had sent a data subject data access request and asked from where the address publisher had collected his data and to whom it had been sold.


ICO Exam Exceptions for Data Access Requests

ICO Exemptions on Exam Scripts

Because of the Covid-19 pandemic, most school and university exams have been abandoned. Teachers and lecturers will be conducting and submitting pupil assessments. These will form the basis of grades. We’re getting a lot of questions regarding the rights of the pupils and students under the General Data Protection Regulation (GDPR). What people want to know is, can you use the GDPR to find out what has been submitted by the institution about a student or pupil?


CJEU Invalidates EU-US Privacy Shield Agreement

Privacy Shield No Longer Adequate

The Court of Justice of the European Union has invalidated the EU-U.S. Privacy Shield agreement, which allowed data to be transmitted out of the EU to the US, if the receiving company operated under the strictures of the Privacy Shield scheme. If a country is not in the European Union (EU), and not within the European Economic Area (EEA), it is considered to be a third country.


Case Study: Doorstep Dispensaree

It’s Not Just About Digital

The ICO fined Doorstep Dispensaree Ltd £275,000 for, among other things, failing to keep sensitive data secure and failing to provide an adequate privacy policy to data subjects.

What They Did Wrong

Doorstep Dispensaree provide pharmaceutical dispensary services to care homes. They had c. 500,000 documents containing personally identifiable data in unlocked containers behind their premises. They were being investigated by the Medicines and Healthcare Products Regulatory Agency (MHRA) regarding alleged unlicensed and unregulated storage of medicines.


One in Ten Home Workers Not GDPR Compliant

Working From Home and GDPR

COVID-19 has seen unprecedented numbers of usually office-based workers forced to work from home. Scarily, a report from IT support firm ILUX, in which 2,000 home workers were surveyed, found that one in ten thought they were expected to work in non-GDPR compliant conditions. James Tilbury, MD at ILUX said: “Whilst, as business owners, we may be busy, stressed and frankly trying to keep our heads above water, it is not a time to be complacent.
