Category Legal update

European Commission set to call time on Privacy Shield

Time has almost run out for EU-US Privacy Shield. It’s highly probable that by 18 October 2018, the European Commission will agree with the European Parliament vote taken in July 2018 to suspend EU-US Privacy Shield, the international data sharing agreement between the US and the European Union.

This won’t come as any surprise within the data privacy community and in many respects has been on the cards since the Facebook and Cambridge Analytica scandal earlier this year that underlined the importance of monitoring mechanisms intended to protect citizens from the misuse of their personal data on an industrial scale.

But it would be wrong to write off Privacy Shield as bein...

Read More

Appearance on BBC Radio 5 Live Wake up to Money – 23 May 2018

Interviewed on the ‘zombie GDPR emails’ news story running on the BBC after I had posted the blog on LinkedIn. You can listen to my interview again here

 

Read More

US companies are behind the curve on understanding how GDPR impacts their businesses

There’s an eerie lack of awareness about the impact of the GDPR on US businesses that target consumers in the European Union. According to recent research by the IAPP, complexity of laws, inadequate budget and too little time combined with the lack of qualified and trained staff have conspired to perpetuate this lack of readiness by US companies.

Here in Europe, many companies and organisations have been bracing themselves for the biggest shake-up in data protection, privacy and security for over two decades that’s fully effective from 25 May 2018 – in 13 days’ time.

I’ve been in conversations with senior US-executives who’ve boldly told me that the “GDPR doesn’t apply to ...

Read More

‘Surveillance Capitalism’ – will it survive post-GDPR?

Facebook and Cambridge Analytica now face a series of class actions for ‘surveillance capitalism’ in the US – will this open the floodgates for similar legal actions across the world?

Class Action Complaint Case No. 18-cv-02276 has been brought by Patricia King (Plaintiff) in the US District Court for the Northern District of California and has asked for trial by jury.

The class action reads as follows:

1. Facebook is a social networking platform that engages in surveillance capitalism: It monetizes personal and behavioral data which it acquires through real-time surveillance of Facebook users...

Read More

Lack of transparency with Facebook and other social media sites will be forced to come to an end as a result of GDPR

The Economist reports today (7 April 2018) that there’s been a bit of wake up call for Facebook and all other social media giants as a result of the furore over the mis-use of personal data. Mark Zuckerberg is openly admitting that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.

As a result of a data breach on a scale not seen since Yahoo!, Americans are looking enviously at Europe where data protection, privacy and security laws protecting the individual are now the global ‘gold standard’ as a result of the GDPR that’s fully enforceable from 25 May – just 34 working days fr...

Read More

British Government showdown with social media giants next month

Last chance saloon for social media giants, warns Matthew Hancock, Secretary of State, DCMS as British Government raises the prospect of a ‘breach of duty of care’ owed to users of social media services and promises more legislation unless they get themselves sorted out.

Speaking to The Sunday Times (25 March 2018), Hancock said Facebook and other tech giants that harvested personal data from users would be ordered to simplify their terms and conditions so they fitted on a single page.

He’s summoned Facebook, Google and Twitter to a showdown next month following revelations about the way Facebook data was used by the UK firm Cambridge Analytica to help Donald Trump’s Presid...

Read More

Not a good start to the New Year for Apple

Apple has just issued a second customer warning for owners of its iPhones, iPads and MAC products that they are affected by a processor flaw that could leave them vulnerable to hackers.

The US tech giant urged its millions of customers to only download software from trusted sources after the security vulnerabilities, known as Meltdown and Spectre, were revealed on Wednesday.

According to the Press Association (PA News), there’s no evidence that the security flaws that affect computer processors built by Intel and ARM – have so far been exploited by hackers, although companies including Microsoft have been working to provide urgent fixes.

Apple says it had released software ...

Read More

Landmark judgment in data protection action against Morrisons at High Court in UK

Supermarket giant Morrisons has been found vicariously liable for the actions of a rogue member of staff who stole the personal data of thousands of workers and posted it online in revenge for disciplinary action taken against him by the company.

On 1 December 2017, Mr Justice Langstaff at the High Court ruled that Morrisons was vicariously liable for the personal data breach that leaked their names, addresses, salaries, bank account details, national insurance and other sensitive personal data on line.

In July 2015, former internal auditor Andrew Skelton was found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing person...

Read More

Legality of Standard Contractual Clauses (SCC’s) hangs in the balance awaiting decision by CJEU

Ireland’s High Court has just ruled today (Tuesday 3 October 2017) that the decision to ban the use of Standard Contractual Clauses (SCC) by social media giants like Facebook, Microsoft and Google to transfer users’ personal data to the US must be initially decided by the Court of Justice of the European Union (CJEU).

Giving her judgment in open court, Irish High Court Judge Caroline Costello said: “I have decided to ask the Court of Justice for a preliminary ruling. European Union law guarantees a high level of protection to EU citizens…they are entitled to an equivalent high level of protection when their data is transferred outside of the European Economic Area.”

T...

Read More

Is processing personal data under ‘legitimate interest’ creepy or cool?

With less than 200 working days left before Regulation 2016/679 (General Data Protection Regulation) kicks in, a new global study published by the Centre for Information Policy Leadership – a privacy and security think tank – claims that organisations in the US, South America, Europe and Asia are confused about the legal basis for processing personal data under the GDPR.

A total of 223 senior managers of multi-national companies (57% Data Controllers, 43% Data Processors) responded to the survey across a wide variety of sectors including financial services, healthcare, pharma, technology and telecoms.

The authors of the study explored the reasons why organisations choose to r...

Read More