On Friday, 27 March 2015, the Court of Appeal upheld Justice Tugendhat's landmark judgment in Vidal-Hall et al v Google  [1], which memorably classified the misuse of private information as a tort. The Court has also held that claimants may recover damages under the Data Protection Act 1998 for non-material loss. This ruling allows the three individual claimants to continue their proceedings against Google regarding the tracking and collation of their browser generated information ("BGI") via their Apple Safari browser. "On the face of it, these claims raise serious issues which merit a trial. They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature, as specified in the confidential schedules, about and associated with the claimants' internet use, and the subsequent use of that information for about nine months.  The case relates to the anxiety and distress … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • The UK government and Marsh (a UK insurance broker and risk advisor), have announced a new joint initiative to promote cyber insurance by publishing a report titled, “UK cyber security: the role of insurance in managing and mitigating the risk”.  The report details how the UK can become the world centre for cybersecurity insurance by working with the Cyber Essentials scheme.  The insurance industry has a major opportunity to expand offerings given that fewer than 10% of UK companies currently have cyber insurance protection.  Read the full report here.
  • The UK Minister for the Cabinet Office, Francis Maude, has announced that the UK is planning to collaborate with Israel on the issue of cyber research by agreeing three joint academic ventures.  By pledging … Continue Reading ››
Last year on this blog we reported on the newly-published ISO 27018 - the first global security standard for cloud services. Earlier this year, we compared ISO 27018 with Singapore’s data protection laws (and others) and showed that ISO 27018 will help cloud customers to comply with these laws when using public cloud services. This month, we blogged on the latest market developments and noted that ISO 27018 is becoming the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services.  Cloud customers, CSPs and regulators are using (and benefiting from) this new useful standard around the world.  We expect this to continue as more companies (and more personal data) move to the public cloud services. With thanks to Matthew Hunter, Olswang Associate in the Singapore office, for his contribution to this article.
[Originally posted on ADTEKR.] One of the fundamental lynch pins of current behavioural advertising and targeting technology is a small, non-descript text file stored by the browser of users, the humble cookie. What started off as a piece of technology to allow cross-webpage data transfer and persistent storage of local variables has evolved into the basis of the most powerful advertising technologies across the Internet. However, with tightening regulations, consumer mistrust, lack of relevance in the mobile space and lack of cross-device support, is the day of the cookie coming to an end?

Traditional cookie use

Cookies are traditionally used in desktop environments where they are dropped by advertisers or publishers during the course of consumer interaction with websites. Over time, the reading and writing of such cookies across multiple websites allows advertisers to build up a profile of the consumer in question and allocate them to a specific audience segment, … Continue Reading ››
The Singapore Government has set up The Cyber Security Agency (CSA) of Singapore  which is to be operational from 1 April 2015.  The CSA will be formed under the Prime Minister's Office and will oversee cybersecurity strategy, education and outreach, and industry development. The CSA will replace the functions of the Singapore Infocomm Technology Security Authority (SITSA) which has been monitoring ten sectors including power, transport and telecommunications, as well as taking over some roles of the Infocomm Development Authority (IDA), such as the Singapore Computer Emergency Response Team. Minister for Communications and Information, Yaacob Ibrahim, will be appointed as the Minister-in-Charge of Cyber Security and David Koh, deputy secretary for technology at the Ministry of Defence will be chief executive of the CSA. According to the Singapore Government’s publication, the CSA will bring together and develop the government’s security capabilities currently existing under the Ministry of Home Affairs (MHA) and … Continue Reading ››
On 13 February 2015, President Obama signed an Executive Order strongly promoting (but not compelling) the sharing of cybersecurity information between all types of private and public entities. This approach reflects the belief that the rapid dissemination of accurate intelligence regarding cyber threats will be the best way to cultivate cybersecurity.  Central to this US strategy is the encouragement of private participation, and organisations will have the opportunity to have a say on both the new standards and the standard-setting organization established by Executive Order. The Order builds upon the previous cybersecurity groundwork laid by President Obama’s Executive Order of 12 February 2013 (Improving Critical Infrastructure Cybersecurity) and the key information sharing legislation passed in December 2014: The National Cybersecurity Protection Act 2014 and The Cybersecurity Enhancement Act 2014. In order to facilitate improved cybersecurity, the Order calls for the creation of, and participation in, ISAOs (information sharing and analysis … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.  UK policy and regulatory developments
  • Given that passwords are often a weak-point in user security, CERT UK have focused on Windows 10 and Yahoo’s new approach to the topic.  Windows 10 is developing a series of biometric tools (such as fingerprint, facial and iris recognition), whereas Yahoo is developing a system to provide one-time passwords every time a user tries to log in.  See CERT UK’s weekly update for 19 March 2015 here.
  • CERT’s latest weekly update also contains a plug for its recently published 12 page guidance “Cyber Security risks in the supply chain”.  This illustrates recent examples of supply chain compromise, including those arising from third party software providers, website builders, third party data stores and watering hole attacks.
  • The Department for Business, Innovation & Skills has updated … Continue Reading ››