Author: info@amberhawk.com

The Government’s Brexit policy assumes that the Data Protection Act 2018 is good enough to obtain an adequacy determination and envisages the ICO playing a full part in the European Data Protection Board; this is to protect the free flow of personal data to the UK.  This policy was brutally murdered last Friday by the EU’s lead Brexit negotiator who stated that the UK would have to seek an adequacy determination. Sadly, in March, the Information Commissioner told Parliament that there were

The Data Protection Bill (engaged in Parliamentary ping-pong) contains an exemption that allows confidential employment references to be kept secret in all circumstances; this exemption has not been discussed, debated or challenged. The exemption thus raises the spectre that an employer will be able to give a confidential reference about an employee where the employee is ignorant of the reference and has no right of access to check the accuracy of the reference. The exemption exists in a non-virulent form

Here is my take on the Facebook/Cambridge Analytica affair. I have no specialist inside knowledge or information but hopefully the blog can help focus the data protection debate on some of the issues (other than warrant delays and repeated claims by all parties that there is no data protection problem!). Please feel free to comment. First to Dr Aleksandr Kogan. He is the academic employed at Cambridge University who first obtained the personal data for an academic research project undertaken

The political kerfuffle over the Government’s Brexit machinations makes it timely to point out that the European Commission’s negotiating document on Brexit states that the UK’s implementation of the GDPR is an issue of importance in any negotiations. Indeed, the Commission’s document states that the content of the UK’s Data Protection Bill (“DPBill”), now before the House of Commons, is unfinished business from the first phase of these negotiations. I had mistakenly assumed that stage one of these Brexit talks

Mrs May, at the last Prime Minister’s Questions before the Xmas recess, said in response to a question from a Conservative MP: “We are very clear that we (the UK) will be leaving the EU on 29 March 2019 at 11 pm”. As Government policy is for the UK to become a Third Country on this date, what does this imply? First, any assessment of UK adequacy by the European Commission (if one is to be made) has to be undertaken before

The Data Protection Bill (“DPBill”) based on the General Data Protection Regulation (“GDPR”) will, hopefully, call time on what always has been a problem. Controllers who believe that the delivery of health, education and social work public sector services have to rely on “data subject consent” for the processing of personal data related to those services. When the DPBill is enacted, any reliance on consent creates a problem because when a data subject withdraws consent, there is an expectation that

Under the current Data Protection Act (“DPA”), controllers need a Schedule 2 legal basis/ground to process personal data. Schedule 2 lists six main groupings and a controller has to select at least one from the list. If a controller does not have a legal basis/ground for the processing, then the controller cannot process the personal data – end of argument. So, it is surprising to discover that Clause 8 of the Data Protection Bill (“DPBill”), through the use of the word “includes”, can