Laying odds on Brexit's data protection implications

(Sep 21, 2018) Among other things, 2018 will go down in history as the year of panics over data protection. First, it was the EU General Data Protection Regulation and its impossible deadline for compliance. Now, it is Brexit and the uncertainty as to what it will mean. The famous phrase "Brexit means Brexit" is as cryptic today as it was two years ago. But now, with six months to go for the U.K.'s scheduled departure from the European Union, the uncertainty of not knowing what Brexit will look like seems para... Read More

Brexit and data protection: Laying the odds

(Sep 21, 2018) Among other things, 2018 will go down in history as the year of panics over data protection. First, it was the GDPR and its impossible deadline for compliance. Now it is Brexit and the uncertainty as to what it will mean. The famous phrase "Brexit means Brexit" is as cryptic today as it was two years ago. But now, with six months to go for the U.K.'s scheduled departure from the European Union, the uncertainty of not knowing what Brexit will look like seems paralyzing. The outcome of the Brexit ... Read More

Will the ICO's Equifax penalty impact US enforcement actions?

(Sep 21, 2018) The U.K. Information Commissioner's Office has fined Equifax 500,000 GBP for its 2017 data breach affecting 146 million consumers around the world, including 15 million British data subjects. The agency decided to levy the highest financial penalty it could under the Data Protection Act 1998. IAPP Associate Editor Ryan Chiavetta, CIPP/US, takes a look at the decision, asking the ICO what the penalties may have looked like if the investigation took place under the EU General Data Protection Regul... Read More

ICO serves AggregateIQ with first-ever GDPR formal notice

(Sep 21, 2018) The U.K. Information Commissioner's Office has served data analytics firm AggregateIQ with the first-ever formal notice under the EU General Data Protection Regulation, BBC News reports. AggregateIQ has been accused of processing citizens' data for "for purposes which they would not have expected." The ICO said the firm had been gathering data before the May 25 GDPR implementation date; however, the agency believes AggregateIQ has continued to retain and process the information since the law has... Read More

Report implicates UK in Belgium telecom hacking

(Sep 21, 2018) A source close to the matter revealed a confidential report by Belgian investigators was submitted to the office of Justice Minister Koen Geens that details how British intelligence services hacked Belgacom at the request of the U.S., AFP reports. Belgacom, Belgium's state-owned telecom company, handles phone and data traffic in Africa and the Middle East, in addition to European customers. The discovery is the latest to come from revelations made by Edward Snowden in 2013 and will now be examin... Read More

Notes from the IAPP Europe Managing Director, 21 Sept. 2018

(Sep 20, 2018) Greetings from Munich! "GDPR: strong on paper, weak on enforcement?" That was the question Undine von Diemar, a partner at Jones Day, raised in her opening statement at DPI: Deutschland, the first IAPP conference in Germany. And, in response, German DPAs at the event outlined their ongoing audit requests and discussed their plans to audit GDPR compliance in the next months. At a pre-conference KnowledgeNet on Monday evening, opened by IAPP President and CEO Trevor Hughes, Lothar Determann, par... Read More

Study: 45 percent of UK citizens suffered 'harm' online

(Sep 20, 2018) A study conducted by Ofcom found 45 percent of U.K. citizens have suffered a form of harm online, BBC News reports. Ofcom broke down the types of harm into four categories, including data and privacy, cybersecurity and hacking, interactions with other users, and online content people see, watch or hear. The study found most citizens would likely be affected by harmful interactions via email and social media. Of the respondents who said they suffered harm, 20 percent said the experience was “very... Read More

UK local authorities accused of compiling 377,000 people's data

(Sep 20, 2018) Five local authorities are accused of compiling 377,000 people’s data to develop an algorithm intended to predict child abuse, allowing social workers to intervene with families believed to need outreach, The Telegraph reports. A spokesman for the Information Commissioner's Office said it was looking into the matter, adding, “The use of predictive analytics for child safeguarding is clearly an activity that is likely to have a significant impact on the privacy of individuals.” Data alleged to ha... Read More

London opening Office of Technology & Innovation

(Sep 20, 2018) As part of its smart-city strategy, London will be opening its Office of Technology & Innovation before the end of the year, Cities Today reports. The office is part of more than 20 initiatives designed to help the advancement of smart technology and data sharing among London’s public services. “In a city that has been non-strategic in its approach to technology and its civic benefits, we need to create the institutions that enable city-wide collaboration such as [this] new office,” London C... Read More

ICO fines Equifax 500K GBP for data breach

(Sep 20, 2018) The U.K. Information Commissioner’s Office fined Equifax 500,000 GBP for the credit-monitoring firm’s 2017 data breach. The ICO conducted an investigation with the Financial Conduct Authority, finding Equifax violated five out of eight data protection principles of the Data Protection Act 1998, including failure to secure personal data and subpar data retention practices. “We are determined to look after UK citizens’ information wherever it is held,” Information Commissioner Elizabeth Denham sai... Read More