Neil Brown · @neil
3794 followers · 1760 posts · Server mastodon.neilzone.co.uk

Expect to see a *lot* of press releases from people trying to hawk their wares under the banner of the , shouting about the €1.2bn fine which the Irish DPC has said it intends to impose on Facebook.

Yes, you should focus on doing things correctly.

No, your risk has not increased massively overnight.

#gdpr #UKGDPR #dataprotection

Last updated 1 year ago

Neil Brown · @neil
3793 followers · 1695 posts · Server mastodon.neilzone.co.uk

More / news: the High Court of England and Wales has decided that the group claim for data protection breaches against Google / DeepMind, resulting in a loss of control of NHS patient data, cannot continue, because there is a lack of commonality amount the claimants.

Each might have a good case individually but, collectively, they're just not enough common ground to make this a group claim.

caselaw.nationalarchives.gov.u

#UKGDPR #dataprotection

Last updated 1 year ago

Jon Belcher · @jonbelcher
309 followers · 109 posts · Server toot.wales

ICO fines TikTok £12.7m. Looks like the contraventions were around allowing access to under 13s and failing to provide adequate transparency information

ico.org.uk/about-the-ico/media

#dataprotection #UKGDPR

Last updated 2 years ago

Neil Brown · @neil
3447 followers · 747 posts · Server mastodon.neilzone.co.uk

With one eye to the mastodon.social personal data breach, if you are a fedi (not necessarily Mastodon) admin in the UK / subject to the UK GDPR, would some kind of summary of your obligations under the UK GDPR - I am thinking either blogpost or free jitsi training session or both - be of interest?

Replies / comments welcome, to help me gauge interest!

#uk #UKGDPR #fediadmin

Last updated 2 years ago

Neil Brown · @neil
3366 followers · 2837 posts · Server mastodon.neilzone.co.uk

The decision about Experian's appeal against the ICO's decision is out:

informationrights.decisions.tr

Neither side comes out looking great here, and Experian got off *very* lightly: no fine, no finding that its use of credit reference data for direct marketing was unfair.

Basically, told to provide transparency information.

#gdpr #UKGDPR

Last updated 2 years ago

Neil Brown · @neil
3224 followers · 1699 posts · Server mastodon.neilzone.co.uk

A *very* quick blogpost about today's announcement from the ICO that it has "decided to stop enforcing personal data breach reports made under Regulation 5A [PECR]".

Very muddy waters.

decoded.legal/blog/2023/01/the

#gdpr #UKGDPR #PECR

Last updated 2 years ago

Neil Brown · @neil
3223 followers · 1691 posts · Server mastodon.neilzone.co.uk

"The ICO has decided to stop enforcing personal data breach reports made under Regulation 5A."

???

ico.org.uk/about-the-ico/media

#PECR #UKGDPR

Last updated 2 years ago

Emily Barwell · @Techlawyer
122 followers · 82 posts · Server infosec.exchange

December has flown by with lots of fun festive extra activities on the mind, presents to buy and events to go to. 🎄
 
This means it's been easy to lose track of important developments in data protection - an area of law which continues to be busy all year round! 🧐
 
So whilst lots of us are winding down for a nice long holiday weekend, here are five significant events in December from a GDPR and UK GDPR perspective in case you missed them:
 
1️⃣ The EU Commission has proposed a draft EU - US Data Privacy Framework (the new 'privacy shield' ). However, whilst the draft is significant, the decision has not been finalized. The process which expected to take another 6 months.

2️⃣ The UK Information Commissioner published various important pieces including its Direct Marketing Guidance which has long been anticipated by the industry. The ICO also released a forward thinking piece called 'Tech Horizons' which examines the implications of some of the most significant technological developments for privacy in the next two to five years.

3️⃣ The EU has signed a declaration on EU digital rights and principles that highlights "the EU's commitment to a secure, safe and sustainable digital transformation." The declaration is wider than just protecting personal data including themes around sustainability and digital inclusion.

4️⃣ Microsoft plans to roll out a 'data boundary' for its EU customers from 1 January to help their customers comply with their commitments under the GDPR.

5️⃣ New draft texts has been released for significant EU legislation in the data space, including the upcoming Act, and the EU Data Act.
 
And of course, there were many more developments. Would anything else make your top 5?

#esg #ai #dataprotectionlaw #dataprivacylaw #dataprotection #gdpr #UKGDPR #data #privacyshield #InternationalBusiness

Last updated 2 years ago

Neil Brown · @neil
2861 followers · 587 posts · Server mastodon.neilzone.co.uk

"The data bridge regulation (previously referred to as data adequacy) made by the UK government of the Republic of Korea came into effect on 19 December 2022."

gov.uk/government/publications

#UKGDPR #dataprotection

Last updated 2 years ago

Emily Barwell · @Techlawyer
119 followers · 80 posts · Server infosec.exchange

As a data protection lawyer, I often seen companies push data retention or data deletion policies to the bottom of the list.

It's sometimes seen as less important, because customers don't typically see this.

However, a recent fine by the CNIL shows there are real risks in delaying and never quite getting round to it. 😬

In this instance, Discord (a popular chat platform for gamers 🎮) received a fine over 800,000 euros for:

❌ Not having a written data retention policy
❌ Not having specific retention periods or criteria for determining retention periods
❌ Failing to ensure data protection by default in the way the application sat in the background on Windows platforms
❌ Failure to ensure security by not setting strong enough password criteria
❌ Failure to carry out data protection impact assessments.

If you are a company dealing with customers in the EU or UK, there is no better time than now to be elevating data retention/deletion on your 'to do' list. ✔️

cnil.fr/en/discord-inc-fined-8

#dataprotection #dataprivacy #dataretention #datadeletion #dataprocessing #gaming #gamingnews #gdpr #UKGDPR

Last updated 2 years ago

Neil Brown · @neil
2128 followers · 582 posts · Server mastodon.neilzone.co.uk

Obviously, a privacy notice means nothing if you don't trust me - and I am a random bloke on the Internet, so why *would* you trust me?! - but if you care, our privacy notice for the Christmas card jape is here:

decoded.legal/privacy_notice_c

#gdpr #UKGDPR #christmas

Last updated 2 years ago

Neil Brown · @neil
2039 followers · 633 posts · Server mastodon.neilzone.co.uk
Emily Barwell · @Techlawyer
60 followers · 31 posts · Server infosec.exchange

For those who follow in the UK. The UK Information Commissioner released an update to the guidance on this yesterday.

The update includes:

- new section on transfer risk assessments (TRAs) and;
- a Transfer Risk Assessment tool.

Link: ico.org.uk/about-the-ico/media

#dataprotectionlaw #UKGDPR

Last updated 2 years ago

Emily Barwell · @Techlawyer
60 followers · 31 posts · Server infosec.exchange

This week I spoke about international data transfers with a couple colleagues on a webinar. 🎙️​

The challenges around this are ongoing, despite the possible new EU-US privacy shield and adequacy discussions in the UK under way.

Want to listen the webinar? Link: osborneclarke.com/events/dippi. (you will need to sign up with some org details to access).

The first half, my colleague provides an overview of using the UK International Data Transfer Agreement and Addendum. In the second half I talk about updates with regards to transferring personal data to the US. Enjoy! 🙂​

#dataprivacy #dataprotection #gdpr #UKGDPR

Last updated 2 years ago

Neil Brown · @neil
1783 followers · 563 posts · Server mastodon.neilzone.co.uk

And we have ICO guidance on international data transfers - in particular, transfer risk assessments.

But *not* guidance on the (yet).

ico.org.uk/for-organisations/g

#IDTA #UKGDPR #gdpr #dataprotection

Last updated 2 years ago

NADPO · @NADPO
1 followers · 2 posts · Server mastodon.think-privacy.com

Less than a week to go! Last chance for tickets for our in-person conference. Tickets free for members, £50 for non-members. A great line-up of speakers, lunch provided. Can't wait to see everyone nadpo.co.uk/event/nadpo-confer

#Dataprotection #gdpr #UKGDPR #foi #freedomofinformation

Last updated 2 years ago

📆 We’re looking forward to speaking about pressing Freedom of Information issues at the NADPO Annual Conference on Tuesday (22 Nov).

Confirmed speakers include:
👉John Edwards, Information Commissioner
👉 Maurice Frankel @CampaignFoI
👉 Prof Victoria Nash @oiioxford
👉 Prof Lillian Edwards @lilianedwards

Non-members can get tickets here: nadpo.co.uk/event/nadpo-confer

#foi #freedomofinformation #foia #dataprotection #gdpr #UKGDPR

Last updated 2 years ago

Infospectives · @TrialByTruth
776 followers · 160 posts · Server mastodon.social

Most alarms raised start as carefully worded and civil enquiries. In reply to this a prior thread that worked through a scenario, where poorly controlled surveillance via and excessive ministerial power in linked secondary legislation is likely to have some unintended consequences

Ones that will lean on FOI, judicial review, and , plus investigative journalism and maybe protest to counter. All being undermined right now

#onlinesafetybill #humanrightsact #UKGDPR

Last updated 2 years ago

Neil Brown · @neil
1309 followers · 589 posts · Server mastodon.neilzone.co.uk

@Janet_LegReg I would need to give it a lot more thought. In particular, identifying what the relevant transfers are, and who does them.

For example, I suspect that there's a world of difference between an English admin who backs up their instance to a server in the USA, and a user of an instance in the UK @-mentioning someone in the USA.

#UKGDPR #InternationalTransfers

Last updated 2 years ago

Mariano delli Santi · @marianods
1172 followers · 347 posts · Server mastodon.bida.im

RT @boell_eu
@OpenRightsGroup @jimkillock @EUdelegationUK @TerryReintke @GDelbosCorfield @CarolineLucas @natalieben @UKandEU @juliahimmrich @JeanLambertLDN @ZackPolanski @DigitalEU @ellajakubowska1 @accessnow @DIGITALEUROPE @cdteu @mikarv @DCMS @Jiri_Mnuk @CMAgovUK @1Br0wn @EU_Competition @Iptegrity @sebabecks @ellenejudson 🟢 What would it take for the to "operate as the world's data hub"? @jimkillock, A. Stepanova, H-W Low & @ds_m4riano consider areas of divergence with law in the UK's & : eu.boell.org/en/uk-data-protec @OpenRightsGroup @PrivacyMatters @edri

#UKGDPR #gdpr #DPDIBill #dataprotection #eu #uk

Last updated 2 years ago