Welcome to our European Data Protection Bulletin covering recent developments from last few months.
Particular highlights in this edition include:
Use the links below to navigate through our newsletter:
The EDPB has recently issued finalised Guidelines on Codes of Conduct as tools for transfers as well as publishing Draft Guidelines on dark patterns in social media platform user interfaces. These Draft Guidelines examine a number of dark patterns through examples and use cases and provide recommendations to designers and users of social media platforms on how to assess and avoid such practices.
The ICO has issued updated Guidance on Video Surveillance which focusses mainly on CCTV but also addresses other technologies such as Facial Recognition Technology, ANPR, machine learning algorithms, dashcams and smart doorbells and contains recommendations for ensuring that their use is aligned with data protection law requirements. The ICO has also released two further chapters of its Anonymisation Guidance for consultation: Chapter 3 (Pseudonymisation) and Chapter 4 (Accountability and governance). Lastly, in April 2022, the ICO closed a consultation into its new proposed guidance on the research provisions in the UK GDPR and the DPA 2018.
In this month's bulletin, we discuss the recent Court of Appeal decision of 'Brake v. Guy  EWCA Civ 235 which found that an employee had no reasonable basis to expect privacy in respect of personal emails sent using a shared work account. This case focuses on the law of misuse of private information and the factors which will undermine a reasonable expectation of privacy.
The ICO has been particularly active in the last couple of months with PECR monetary penalties and enforcement notices particularly against organisations making unsolicited marketing calls to vulnerable older individuals. There has also been an Enforcement Notice for failing to respond to a DSAR and a monetary penalty for a security breach caused by a ransomware attack under the GDPR.
The case that we present this month an Information Tribunal appeal against the imposition of a monetary penalty for failure to pay the £60 data protection fee. Click on the link below to discover the outcome.