What's new? After more than 12 months of debate, the Investigatory Powers Bill (dubbed by the media, like all interception legislation, as the 'Snooper's Charter') passed through its final stages in the House of Lords on 16 November, granting the government surveillance powers described by US whistle-blower Edward Snowden as "the most extreme … in the history of western democracy.” The Bill is designed to future proof law enforcement powers in the face of ever-evolving forms of digital communication. It covers the following:
  • General privacy protections
  • Lawful interception of communications
  • Authorisations for obtaining communications data
  • Retention of communications data
  • Equipment interference
  • Bulk warrants
  • Bulk personal dataset warrants
  • Oversight arrangements
Background Upon receiving Royal Assent, the date of which is still unclear, the Bill will mark a major overhaul of the UK's regimes on communications data retention and law enforcement access rules. As Datonomy readers will be familiar, the new legislation has been under discussion for many years under successive governments … Continue Reading ››
The Information Commissioner's Office (ICO), the UK's data protection regulator, is cracking down on the online gambling sector's use of personal data to promote online gambling. It has contacted around 400 companies to threaten them with fines of up to £500,000 if they are found to be collecting and using personal data for marketing in a manner which does not comply with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR). In its press release, the ICO said it is writing to over 400 companies, all believed to be egaming marketing affiliates, demanding they set out how they use people’s personal details and send marketing texts, including where they got people’s personal information from and how many texts they sent. What is the ICO worried about? The ICO has expressed concern that the prolific use of affiliate marketing is resulting in a lack of accountability, … Continue Reading ››
On 19 October 2016, the European Court of Justice rendered a decision in the infamous Breyer case, which provided more clarification as to the qualification of personal data in our continuously growing digital economy. The Court ruled that dynamic IP addresses can constitute personal data even when the data controller must seek additional information from a third party in order to truly identify a person. The implications of this outcome are not to be underestimated, especially given the liability and compliance obligations of controllers, which are a lot more lenient when the data in question is not considered "personal" data. It also remains to be seen how this decision will relate to the harmonization attempts of the GDPR as Breyer seems to leave the door open for interpretation depending on other national laws that affect the concept of personal data. Dynamic IP addresses The case was referred to the CJEU … Continue Reading ››
As part of our GDPR readiness webinar series, in this session we will look at the implications on the Executive Search and Recruitment Industry and challenges that the new Regulation (set to apply from 25 May 2018) presents.  In particular we will look at the following:
  • Who is caught by the Regulation
  • What "consent" means and when do you need to get it. How this fits with existing marketing consent rules
  • Rules on processing publicly available data as part of the recruitment process
  • Notification obligations – what you need to tell candidates and potential candidates and when
  • The risks of non-compliance
  • Email correspondence
  • Q&A Session
Speakers: Jenny Grogan (Senior Associate, Employment, Olswang), Joseph Blass (NotActivelyLooking.com) and Elle Todd (Partner and Head of Digital and Data, Olswang) Date: Tuesday 8 November 2016 Time: 10am – 11am GMT To register for this webinar please click here If you have any questions regarding the webinar please contact the events team events@olswang.com
The General Data Protection Regulation ("GDPR") comes into force on 25 May 2018. It is binding for all member states and provides for a harmonisation of the data protection regime throughout the EU. However, various opening clauses provide member states with discretion to introduce additional national provisions to further specify the application of the GDPR. The German legislator has been among the first to draft such provisions supplementing the GDPR. What areas does the General Federal Data Protection Act cover? Recently a draft of the German Federal Ministry of the Interior for a General Federal Data Protection Act (Allgemeines Bundesdatenschutzgesetz, "GFDPA") has been leaked. This is meant to replace the current Federal Data Protection Act (Bundesdatenschutzgesetz, "FDPA"). The draft includes new provisions in areas that are subject to the opening clauses of the GDPR. For example:
What is the new code and what does it recommend? The Information Commissioner's Office (ICO) on 7 October 2016 has published a new code of practice on privacy notices, following its consultation back in February of this year. It provides guidance to organisations on how to make privacy notices more engaging and effective for individuals while emphasising the importance of greater choice and control over what is done with their data. The ICO has also published a useful checklist of the information that needs to be included in the privacy policy. You can check the ICO's privacy notice checklist here. The code rightly states that current privacy notices tend to be "too long, overly legalistic, uninformative and unhelpful" and recommends a blended approach. It encourages the use of different techniques, such as a just-in-time message informing the data subject why their email is needed or a short video explaining how … Continue Reading ››

this blog discusses data protection law, practice and problems