Category: Data Protection

At this week’s Conservative Party Conference there will be a lot of talk about making Brexit happen, putting the “Great” back in Britain, and taking back control of our laws. However, there is one law where the Government is reluctant to express much enthusiasm for sovereignty at all; it is the Computer Misuse Act (CMA) 1990. Indeed, it has allowed UK officials to defer to the interests of a foreign state (without a murmur) even though serious custodial offences are

There are whispers circulating in the aether that if PrivacyShield is deemed adequate for transfers of personal data from the European Union(EU) to the USA, then in a post-Brexit Britain, something akin to PrivacyShield can allow for adequate transfers of personal data to the UK. Such an “adequacy” determination would mean that the UK would not need to implement the General Data Protection Regulation (GDPR). Indeed, if PrivacyShield is deemed adequate, why can’t the UK also replace the current Data

Were you phoned up by the Leave or Remain Campaigns on your ex-directory telephone number during the Referendum Campaign (probably in breach of PECR)? I was.  If so, how did they my number? How did one of the Campaigns, for example, know who was a Millwall fan so the caller from a Campaign gloated (sorry, I mean commiserated) with him or her over the 3-1 defeat by Barnsley at Wembley in May? Intrigued, I have done a little digging; first

Today, the Government will whip its controversial Investigatory Powers Bill (IP Bill) through its Parliamentary Report stage; the Bill, in part, provides powers that permit the national security agencies to amass bulk personal datasets where the majority of personal data in a bulk dataset relates to data subjects who are not of interest to these agencies. The Government has so far ignored the data protection recommendations of the draft IP Bill Committee which asked for important data protection considerations to

If a=b and b=c then it follows that a=c. So, how does this set of simple equations relate to data protection? Well if direct marketeers, privacy advocates and supervisory authorities recognised that a=c then most of the debate concerning data protection and the marketing purpose would be settled. Don’t believe me? Just follow the argument under the current Act (DPA) or indeed the General Data Protection Regulation (GDPR). All across Europe (and especially the UK) there has been a debate

If Member States can, by law, exercise legislative “flexibility” when implementing 50+ Articles of the General Data Protection Regulation (GDPR), how can the Regulation ever become harmonised across European Union? Pose this important question another way: given that the UK Government intends to use legislative flexibility to the maximum in favour of the interests of controllers (see report on meeting with the Minister in January; references), how do we know that the UK will not enact something that could be