Welcome to our European Data Protection Bulletin covering recent developments from the last few months.
Particular Highlights include:
Information Tribunal Appeal Cases
Draft Guidlines on the calculation of fines under the GDPR
On the 12th May 2022, the EDPB released its draft guidlines on the calculation of fines under the GDPR. These were open for consultation until 27th June, and we are now awaiting the finalised version.
Guidlines 05/2022 on the use of facial recognition technology in the area of law enforcement
On 12th May 202, the EDPB issued new guidance to law makers and Law Enforcement Authorities on the implementation and use of Facial Recognition Technology in accordance with data privacy legislation.
EDPB Guidlines on certification as a tool for transfer
On 14th June, the EDPB published guidlines for consultation as to the application of Art. 46 (2) (f) GDPR on transfers of personal data to third countries or to international organisations on the basis of certification.
What is in a name? CJEU gives a wide definition of what consitutes processing of sensitive data
On 1st August 2022, the CJEU in Grand Chamber handed down a decision on the scope of Article 9 GDPR. Our team discuss the decision and its implications.
ICO funding update: Fine income rentention agreement
On 14 June 2022, the Information Commissioner's Office released a statement announcing that the Department for Digital, Cuture, Media & Sport and the Treasury had agreed that the ICO would now be able to retain some of the funds paid as a result of civil monetary penalties.
ICO sets out revised approach to public sector enforcement
On 30 June 2022, the Information Commissioner's Office set out a revised approach to working more effectively with public authorities.
UK's agreement in principle to an adequacy decision in South Korea
On 5th July 2022, the UK and South Korea signed a Data Adequacy Agreement in Principle. This is the first 'in principle' adequacy decision the UK has entered post-Brexit.
ICO and NCSC advise against making ransomware payments & new guidance against the threat of credential stuffing attacks
On 8 July 2022, The Information Commissioner's Office and the National Cyber Security Centre released a joint letter requesting the Law Society remind members of the profession about their obligation and the appropriate responce to a ransonware attack.
UK Data Reform: Government publishes data protection reform consultation responce and draft bill
Following Brexit, the government promised that the UK's data protection regime would be reformed as part of its National Data Strategy. The Government has now followed through and published both (i) a responce to its original consultation and (ii) a draft Data Protection and Digital Information Bill.Highlights
This month we include details of a £7.5 million fine issued by the ICO against Clearview AI Inc for its continued infringement of the UK GDPR.
Highlights
This month we include details of an application by Olufunke Osifeso for an appeal for procedural problems with an ICO decision under s166 DPA 2018.