Home
Insights
UK & EU Data Protection Bulletin: September 2022

UK & EU Data Protection Bulletin: September 2022

Published

Sep 28 2022

Written By

Elizabeth Upton

Legal Director
UK

Ruth Boardman

Partner
UK

Ariane Mole

Partner
France

Welcome to our European Data Protection Bulletin covering recent developments from the last few months.

Particular Highlights include:

EDPB Guidance on Administering Fines
CJEU case providing a wide definition of sensitive personal data
UK's agreement in principle to an adequacy decision with South Korea
Update on the UK's Data Reform Bill

Information Tribunal Appeal Cases

Download the Bulletin here

EDPB

Draft Guidlines on the calculation of fines under the GDPR

On the 12th May 2022, the EDPB released its draft guidlines on the calculation of fines under the GDPR. These were open for consultation until 27th June, and we are now awaiting the finalised version.

Read more here

Guidlines 05/2022 on the use of facial recognition technology in the area of law enforcement

On 12th May 202, the EDPB issued new guidance to law makers and Law Enforcement Authorities on the implementation and use of Facial Recognition Technology in accordance with data privacy legislation.

Read more here

EDPB Guidlines on certification as a tool for transfer

On 14th June, the EDPB published guidlines for consultation as to the application of Art. 46 (2) (f) GDPR on transfers of personal data to third countries or to international organisations on the basis of certification.

Read more here

CJEU

What is in a name? CJEU gives a wide definition of what consitutes processing of sensitive data

On 1st August 2022, the CJEU in Grand Chamber handed down a decision on the scope of Article 9 GDPR. Our team discuss the decision and its implications.

Read more here

ICO

ICO funding update: Fine income rentention agreement

On 14 June 2022, the Information Commissioner's Office released a statement announcing that the Department for Digital, Cuture, Media & Sport and the Treasury had agreed that the ICO would now be able to retain some of the funds paid as a result of civil monetary penalties.

Read more here

ICO sets out revised approach to public sector enforcement

On 30 June 2022, the Information Commissioner's Office set out a revised approach to working more effectively with public authorities.

Read more here

UK's agreement in principle to an adequacy decision in South Korea

On 5th July 2022, the UK and South Korea signed a Data Adequacy Agreement in Principle. This is the first 'in principle' adequacy decision the UK has entered post-Brexit.

Read more here

ICO and NCSC advise against making ransomware payments & new guidance against the threat of credential stuffing attacks

On 8 July 2022, The Information Commissioner's Office and the National Cyber Security Centre released a joint letter requesting the Law Society remind members of the profession about their obligation and the appropriate responce to a ransonware attack.

Read more here

Other UK News

UK Data Reform: Government publishes data protection reform consultation responce and draft bill

Following Brexit, the government promised that the UK's data protection regime would be reformed as part of its National Data Strategy. The Government has now followed through and published both (i) a responce to its original consultation and (ii) a draft Data Protection and Digital Information Bill.

Read more here