All posts by Anna Soilleux

The latest responses by the UK government and the ICO to the EU reform proposals will (mostly) resonate with businesses concerned about some of the more far-reaching changes. The latest developments and time line Datonomy has been taking stock of two recent UK developments: the Government's response to the Justice Select Committee's opinion on the European Data Protection framework proposals published by the MOJ on 11 January, and the "latest views from the ICO" 2 –pager  on 22 January. Datonomy readers are no doubt au fait with the intricacies of the EU legislative process, but may nonetheless enjoy the blog post by Deputy Commissioner David Smith with its helpful insight into the current state of play and user friendly time line. Despite the strength of the European Parliament's support for the Commission's proposals, it still has a way to go, procedurally speaking. And not everyone shares the EP's wholehearted support for every aspect … Continue Reading ››
The Information Commissioner's Office (ICO) has this week served Ealing Council and Hounslow Council with fines of £80,000 and £70,000 respectively for serious breaches of the Data Protection Act (DPA) following the loss of two unencrypted laptops containing sensitive personal data. Ealing Council provides an out of hours service on behalf of both councils, which is operated by nine staff who work from home.  Personal details of 1,700 individuals were lost when the laptops were stolen from an employee’s home.  The laptops were password protected but unencrypted – in breach of both councils' policies on encryption. Ealing Council was found to be in breach of the DPA by issuing an unencrypted laptop in breach of its own data security policy.  The ICO also found that the council had insufficient checks in place to ensure that the relevant policies were being complied with and were understood by staff.  Hounslow Council was found to … Continue Reading ››
The Information Commissioner's Office is considering flexing its enforcement powers in relation to Google's inadvertent collection of "pay-load" data from WiFi networks.  Datonomy was surprised that the ICO's initial report in July took a very lenient view of the issue.  The ICO described its approach at the time as "responsible and proportionate"; others described it as "farcical".  Possibly egged on by its counterparts in Germany, Spain and the Czech Republic to name but a few, the ICO yesterday released this statement: "Earlier this year the ICO visited Google's premises to make a preliminary assessment of the "pay-load" data it advertently collected whilst developing Google Street View. Whilst the information we saw at the time did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await findings of, the investigations carried out by our international counterparts. "Now that … Continue Reading ››
Bad privacy press has been plaguing Facebook for some time. The bad news for Mark Zuckerberg this week was delivered in the form of a Wall Street Journal reportwhich claimed that some of the most popular third party apps on Facebook have been transmitting users' personal data to advertising companies and data brokers in breach of Facebook's developer policy.  The WSJ reported some of the most popular applications, including Farmville (which has a whopping 59 million users), Frontierville and Texas HoldEm Poker were making available the unique Facebook user identifications (UIDs) to 25 advertising and data companies, and some transferred information relating to users' friends.  This was even possible where the user had made the information in their profile private.  The Facebook UIDs can be used to retrieve a Facebook user's real name and any information on their profile to which access was not restricted by that user's privacy … Continue Reading ››
This month, BIS published a consultation entitled "Implementing the revised EU electronic communications framework: Overall approach and consultation on specific issues".  The consultation sets out, inter alia, the Government's approach to the implementation of the revised E-Privacy Directive.  The Government is seeking views on the changes required by the Directive, which include:
  • the establishment of a system for notifications to the Information Commissioner in the event of a personal data security breach
  • the introduction of "effective, proportionate and dissuasive penalties" for any infringements of the provisions of the revised Directive
  • a new opt-in requirement for cookies, from a "right to refuse" to obtaining consent
 Website owners and online advertising providers will be pleased with the Government's position on the implementation of the opt-in requirement for cookies.  The Government rejects the establishment of an opt-in system which would mean that users would have to consent to every cookie placed on their computer.  Instead, it intends … Continue Reading ››
Germany's Interior Minister, Thomas de Maizière, has announced that Germany plans to strengthen its privacy laws in response to public concerns over Google Street View.  The statement was made following a meeting with Google and other companies on Monday.  Mr de Maizière said the government would introduce the new privacy code at a government information-technology summit in December. Google and other interested parties have been asked by the government to submit suggestions for self-regulation between now and the summit.  "I expect the services to commit to strong privacy rules," said Mr. de Maizière.  Google's statement said, "Any future legislation must make sure that in addition to the requirements of data protection, the development of innovative business opportunities and modern technology are allowed to flourish." But added it was willing to "contribute constructive conversations" around the debate.  Germany is not the only country where Google Street View has run into political and legal … Continue Reading ››