The building blocks of Compliance e: stonearch@protonmail.com t: 01706 559 022
The European Commission has granted adequacy decisions for the UK, covering the UK GDPR and the Law Enforcement Directive. This means personal data can continue to flow into the UK from EEA countries. Under an added 'sunset clause', the decision will be reviewed in four years. The adequacy decisions come into force immediately.
The full Opinion is available here
The document takes a view on the use of FRT in public places by private organisations. The Opinion is based on six investigations undertaken by the ICO into its use, which found that not one use was fully justified or compliant with data protection law. As a result of the investigation, none of the organisations proceeded with the use of LFR.
Just because you can, it doesn't mean you should!
The clauses cover sharing between Controllers and Processors, and the transfer of personal data to third countries. The SCCs contain long-awaited guidance on how to remain compliant in light of the Schrems II judgement, which details that organisations need to conduct assessments of the local legislation when transferring personal data to third countries (i.e. those outside of the EEA, without an adequacy decision).
The Information Commissioner's Office has fined American Express Services Europe Limited (Amex) £90,000 for sending out over four million marketing emails to customers after they had opted out of receiving them. Amex had stated that the emails sent were servicing emails, not marketing emails. It transpired that Amex had sent out upwards of 50 million 'servicing' emails to its customers, and did not review its marketing model following customer complaints.
The fine was raised under the old Data Protection Act 1998 because of when the complaint was raised. The fine could potentially have been much larger if investigated under the UK GDPR.
The initial subject areas look to cover a broad range of data protection matters, such as the Age Appropriate Design Code, considerations around COVID-19, political campaigning, facial recognition and biometrics, good practice in AI, and international data protection trends.
We all hate nuisance calls… and they are becoming particularly noticeable with increased home working. We’re sure this news will be well received by many.
The Norwegian Supervisory Authority has issued an advance notification of 100 million Norwegian Crowns (£8.5 million), resulting from a legal complaint filed a year previously. The complaint said that Grindr users were not given sufficient privacy information about how data was used, in particular how it is shared with third parties.
Announcement from the ICO available here
Elizabeth Denham’s term as Information Commissioner has been extended to the 31st October 2021 while the recruitment process for her successor is completed.
The ICO’s blog is available in full here
The commissioner highlights the following key issues for this year:
The Fundamentals for a Child-Oriented Approach to Data Processing is available here
The document is open for consultation until March 2021. It complements the ICO’s Age Appropriate Design Code, which has now been approved by Parliament. The ‘Fundamentals’ document is somewhat broader in scope, and doesn’t focus on online products and services.
This document demonstrates the importance of protecting the privacy of children, and provides guidance and good practice in the handling of children's data. This is worth a look, regardless of which supervisory authority you fall under.
Copyright © 2023 StoneArch Compliance - All Rights Reserved.