gdpr

ICCL Litigation Against Internet Giants

Irish Council for Civil Liberties Launch Major Litigation

The Irish Council for Civil Liberties (ICCL) said in a statement that online advertising amounts to “the Biggest. Data. Breach. Ever”, accusing internet adland of compiling “secret dossiers” on every single netizen. The ICCL is fronted by Johnny Ryan, formerly chief policy officer of the privacy-focussed web browser Brave. He said: “These secret dossiers about you – based on what you think is private – could prompt an algorithm to remove you from the shortlist for your dream job.

EU Vote on UK Adequacy Decision

EU Parliament votes on UK Adequacy Decision Today

This morning the European Parliament will debate the adequacy or otherwise of the protection of personal data provided by the United Kingdom’s data protection framework. This is the UK’s version of GDPR as contained within the Data Protection Act 2018 (DPA 2018). Two resolutions will then be put to the vote. Although we’ve come this far and we’re close, it isn’t a done deal.

Talks Intensify On Privacy Shield Replacement

EU and U.S. Data Flow Talks Cranked Up a Notch

As I reported back in July 2020 in a blog titled CJEU Invalidates EU-US Privacy Shield Agreement, the EU-U.S. Privacy Shield agreement, which allowed data to be transmitted out of the EU to participating US companies, was ruled invalid by the Court of the European Union (CJEU). On March 25th, 2021, the EU Commissioner for Justice and the U.S. Secretary of Commerce made a joint statement on the state of the negotiations to find a solution that would permit the flow of personal data to recommence.

UK Adequacy Decision Drafted

Post-Brexit EU-UK Adequacy Decision Has Been Drafted

Before you can transmit personal data from a European Union country to a country not within the EU or the European Economic Area—known as a third country—there has to be an adequacy decision made by the European Commission. The third country must have a framework in place that both provides data protection and upholds the rights of the data subjects as well as—or better than—the EU’s General Data Protection Regulation.

Intelligence Services and General Warrants

GCHQ and MI5 Cannot Rely on General Warrants

The High Court ruled on January 8th, 2021 that it was unlawful for GCHQ and MI5 to use warrants issued under Section 5 of the Intelligence Services Act 1994 (ISA) to interfere with the property—including computers—of multitudes of people based on a single warrant. The High Court quashed a 2016 decision by the Investigatory Powers Tribunal (IPT), and ruled that Section 5 of the ISA does not permit the issuing of general or thematic warrants to authorise property interference and certain forms of computer bugging, monitoring and hacking.

Signal Messenger, WhatsApp, and Privacy

Signal Secure Messenger

Signal is a secure messenger app published by the Signal Foundation and Signal Messenger LLC. These are not-for-profit organizations based in Mountain View, California. They were founded by Matthew Rosenfeld, aka ‘Moxie Marlinspike’, and Brian Acton, to build on the work of one of Rosenfeld’s earlier start-ups, Open Whisper Systems. Signal is free and open source. One of the glories of open source is that absolutely anyone can review the source code.

Facebook Operates Under Contract Not Consent

December 2020 Ruling in Favour of Facebook

The Viennese Superior Court (Oberlandesgericht Wien) ruled on December 29th 2020 that internet giant Facebook does not need to obtain consent from its users for the use of their data. That is, Facebook does not need to obtain consent under Article 6(1)(a) of the GDPR. This is because it is covered by the contract that exists between Facebook and its users, and the small print of its terms and conditions.

Complaint Filed Against Address Broker in Vienna

On Tuesday, My Privacy is None of Your Business (NOYB) filed a GDPR complaint against AZ Direct Österreich GmbH. They are an address broker—they sell personal data—based in Vienna. They refused to reveal where they get their data from and with whom it had been shared. They claimed they didn’t know because they didn’t bother recording it. It would have been “too burdensome”. A data subject had sent a data subject access request and asked from where the address publisher had collected his data and to whom it had been sold.

Age Appropriate Design for Online Services

New Code of Practice for Online Services

The Age Appropriate Design Code drawn up by the Information Commissioner’s Office (ICO) will come into force in the UK on 2nd September 2020. The much-anticipated code has a 12-month transition period. The code is based on 15 flexible standards to ensure a high level of privacy settings by default. They affect website designers and mobile application developers. “We want coders, UX designers and system engineers to engage with these standards in their day-to-day work and we’re setting up a package of support to help,” said the ICO.

Oracle and Salesforce Face £900 million Class Action

PECR and GDPR Gotchas Catch Oracle and Salesforce

The Privacy and Electronic Communications Regulations govern electronic marketing in the UK. They were not changed when the General Data Protection Regulations came into force, but they were affected by them. That’s because when the PECR talks about consent, it says that the consent required must be that of the current data protection regulations. And, of course, the acceptable means of securing and recording consent changed when the GDPR superseded the 1998 Data Protection Act.
