Category: Data Protection

Please see the blog of 25/10/2015 which updates this blog Google was given 35 days (which elapsed around October 1st) to respond to the Commissioner's Enforcement Notice; I have found out from a very reliable source that Google has not appealed (i.e. passed over the opportunity to defend the policy at the Tribunal).  As Google risks criminal prosecution if they have not complied with the ICO’s demand, I am assuming Google has complied. The nine search results related to a

Safe Harbor is now defunct because the European Court of Justice (ECJ) found the following: (a)    There is no general privacy law or other measures enacted in the USA that shows the USA offers "an adequate level of protection" for personal data relating to European data subjects; (b)    Public law enforcement authorities which obtain personal data from organisations in Safe Harbor are not obliged to follow the Safe Harbor rules after disclosure; (c)    Some USA law enforcement agencies can gain

The transfer of responsibility for data protection policy to the Department for Culture, Media and Sport (DCMS) from the Ministry of Justice (MoJ) is a really bad idea.  It fragments responsibility for data protection policy across three Departments of State and risks reducing the protection afforded to data subjects.  Important data protection recommendations from Leveson will be shelved.  This blog explains why. One reason for the shift of responsibility to the DCMS (unexplained at the moment) could be because it

This blog explains, in detail, how the Council of Minister’s text of the Regulation, in particular the exceptions specified in Article 21 (A.21) and the flexibility granted to Member States to enact variations to the obligations under the Regulation,  are very likely to result in a level of data protection below the standard established by Directive 95/46/EC. Given that the relevant parts of the Regulation (e.g. the exceptions in A.21) are being considered in current Trilog discussions, the blog provides a link

The Information Commissioner (ICO) has told the Association of British Insurers (ABI) that their members who ask data subjects to exercise their rights of access to health records in order to obtain insurance products are making several breaches of the Data Protection Act. Clearly, the ICO is expecting the ABI's variant of enforced subject access to cease; the only remaining question is whether the Insurance Industry disagrees and wants to “have its day in court”. In a letter to the ABI (see references),

Note added: 21/12/2015 after GDPR Trilog text published: Article 2b of the consolidated text states that the domestic purpose is processing “by a natural person in the course of a purely personal or household activity”; Recital 15 of that text allows for limited social media use. I therefore expect that Lindqvist and Ryneš rulings to remain relevant to the GDPR Original posting The Lindqvist decision of the European Court of Justice (ECJ) in 2003 has always caused problems.  In Data