Author: info@amberhawk.com

As promised in last Friday’s blog, an explanation why the data sharing provisions in Part V of the Digital Economy Bill (the “Bill”) should not be supported. The Bill completes its Commons stages today with hardly any detailed scrutiny of its data sharing provisions. In privacy terms, this blog shows that the data sharing proposals demonstrate: (a) a lack of understanding of how the Data Protection Act (DPA) works; (b) a failure to explain how the interference inherent in data sharing

Many commentators have reported the statement from the Secretary of State at the Department of Culture, Media and Sport (DCMS) that the UK Government is to implement the General Data Protection Regulation (GDPR). However, those who reported the announcement have failed to follow through with a detailed analysis of this position. For example, data controllers should not assume that UK’s adoption of the GDPR will automatically mean that the UK offers an adequate level of protection. This blog explains this

Clause 77 of the Digital Economy Bill will establish a statutory Direct Marketing Code of Practice that has the same status as the Data Sharing Code of Practice. This Code should finally put to bed all the controversial issues with respect to Direct Marketing (e.g. whether there should be “opt-in” or “opt-out”), the meaning of “consent” in the context of marketing and when it is possible to engage in Direct Marketing without the consent of the data subject. The Code,

At this week’s Conservative Party Conference there will be a lot of talk about making Brexit happen, putting the “Great” back in Britain, and taking back control of our laws. However, there is one law where the Government is reluctant to express much enthusiasm for sovereignty at all; it is the Computer Misuse Act (CMA) 1990. Indeed, it has allowed UK officials to defer to the interests of a foreign state (without a murmur) even though serious custodial offences are

There are whispers circulating in the aether that if PrivacyShield is deemed adequate for transfers of personal data from the European Union(EU) to the USA, then in a post-Brexit Britain, something akin to PrivacyShield can allow for adequate transfers of personal data to the UK. Such an “adequacy” determination would mean that the UK would not need to implement the General Data Protection Regulation (GDPR). Indeed, if PrivacyShield is deemed adequate, why can’t the UK also replace the current Data

Were you phoned up by the Leave or Remain Campaigns on your ex-directory telephone number during the Referendum Campaign (probably in breach of PECR)? I was.  If so, how did they my number? How did one of the Campaigns, for example, know who was a Millwall fan so the caller from a Campaign gloated (sorry, I mean commiserated) with him or her over the 3-1 defeat by Barnsley at Wembley in May? Intrigued, I have done a little digging; first

Today, the Government will whip its controversial Investigatory Powers Bill (IP Bill) through its Parliamentary Report stage; the Bill, in part, provides powers that permit the national security agencies to amass bulk personal datasets where the majority of personal data in a bulk dataset relates to data subjects who are not of interest to these agencies. The Government has so far ignored the data protection recommendations of the draft IP Bill Committee which asked for important data protection considerations to