Category: Other Information Law

This blog tries to answer a simple question: “what can a data controller do if there are transfers between the UK and the European Union(EU) if the Article 50 button is pressed and there is a no subsequent agreement between the UK and the European Commission within the two-year timeframe?”. In other words, what happens if there is a very Hard Brexit? The assumptions I am therefore making are as follows: there is no deal re Brexit and the UK is

Happy New Year (and welcome back to the daily grind). This blog adds two further reasons why I think a post-Brexit UK is very unlikely to offer an adequate level of protection in terms of the General Data Protection Regulation (GDPR). One reason relates to recent comments made by Prime Minister Mrs May about human rights. The other relates to the non-compliance of the national security agencies with their existing data protection obligations under the Data Protection Act 1998 (DPA).

Adjournment debate on GDPR – last Monday December 12 Full debate on: https://hansard.parliament.uk/Commons/2016-12-12/debates/6EB0C615-2571-4B26-A75B-8CD1CF5FD854/EUDataProtectionRules Key quotes from the Minister for Digital and Culture (Matt Hancock) are below. "We were clear in the negotiations on the GDPR that any new data protection legislation needs to meet the need for high standards of protection for individuals’ personal data while not placing disproportionate burdens on businesses and organisations. The UK was successful in negotiating a more risk-based approach to the GDPR, allowing for greater flexibility

As promised in last Friday’s blog, an explanation why the data sharing provisions in Part V of the Digital Economy Bill (the “Bill”) should not be supported. The Bill completes its Commons stages today with hardly any detailed scrutiny of its data sharing provisions. In privacy terms, this blog shows that the data sharing proposals demonstrate: (a) a lack of understanding of how the Data Protection Act (DPA) works; (b) a failure to explain how the interference inherent in data sharing

Many commentators have reported the statement from the Secretary of State at the Department of Culture, Media and Sport (DCMS) that the UK Government is to implement the General Data Protection Regulation (GDPR). However, those who reported the announcement have failed to follow through with a detailed analysis of this position. For example, data controllers should not assume that UK’s adoption of the GDPR will automatically mean that the UK offers an adequate level of protection. This blog explains this

Clause 77 of the Digital Economy Bill will establish a statutory Direct Marketing Code of Practice that has the same status as the Data Sharing Code of Practice. This Code should finally put to bed all the controversial issues with respect to Direct Marketing (e.g. whether there should be “opt-in” or “opt-out”), the meaning of “consent” in the context of marketing and when it is possible to engage in Direct Marketing without the consent of the data subject. The Code,

At this week’s Conservative Party Conference there will be a lot of talk about making Brexit happen, putting the “Great” back in Britain, and taking back control of our laws. However, there is one law where the Government is reluctant to express much enthusiasm for sovereignty at all; it is the Computer Misuse Act (CMA) 1990. Indeed, it has allowed UK officials to defer to the interests of a foreign state (without a murmur) even though serious custodial offences are

There are whispers circulating in the aether that if PrivacyShield is deemed adequate for transfers of personal data from the European Union(EU) to the USA, then in a post-Brexit Britain, something akin to PrivacyShield can allow for adequate transfers of personal data to the UK. Such an “adequacy” determination would mean that the UK would not need to implement the General Data Protection Regulation (GDPR). Indeed, if PrivacyShield is deemed adequate, why can’t the UK also replace the current Data

Were you phoned up by the Leave or Remain Campaigns on your ex-directory telephone number during the Referendum Campaign (probably in breach of PECR)? I was.  If so, how did they my number? How did one of the Campaigns, for example, know who was a Millwall fan so the caller from a Campaign gloated (sorry, I mean commiserated) with him or her over the 3-1 defeat by Barnsley at Wembley in May? Intrigued, I have done a little digging; first

Today, the Government will whip its controversial Investigatory Powers Bill (IP Bill) through its Parliamentary Report stage; the Bill, in part, provides powers that permit the national security agencies to amass bulk personal datasets where the majority of personal data in a bulk dataset relates to data subjects who are not of interest to these agencies. The Government has so far ignored the data protection recommendations of the draft IP Bill Committee which asked for important data protection considerations to