On 7 August, the UK government released its statement of intent, which set out its proposals for a Data Protection Bill (the “Bill”) to replace the Data Protection Act 1998 (“DPA”) and “bring data protection laws in the UK up to date”.
In the forward to the statement of intent, Matt Hancock, Minister of State for Digital, outlines that the Bill, due to be published in September, will “allow the UK to continue to set the gold standard on data protection”.
The Bill’s primary function will be to bring the EU General Data Protection Regulation (“GDPR”) into domestic law (although technically the GDPR will have direct effect in the UK from 25 May 2018, the government appears to be taking this approach to ensure these new data protection laws will continue to apply following Brexit). A summary of the primary changes that the GDPR will … Continue Reading ››
The current data protection landscape in Indonesia
Until recently, Indonesia has had a largely patchwork approach to personal data protection. There is not currently a singular comprehensive data protection law or regulation; nor, for example, are there any regulations specifically addressing cookies and location data. Overall, the scattered guidance is found in regulations relating to employees; banks; criminal procedures; human rights; health; financial services; and the more detailed Electronic Information and Transactions Law (Law No. 11 of 2008) ("EIT Law
") and its implementing regulations, among others.
In 2012, Indonesia passed Government Regulation 82 ("GR82
"), implementing various aspects of the EIT Law but with a key focus on ensuring that electronic system operators for "public services" use Indonesia-based data-centres. The scope of "public services" is still somewhat unclear but it has the potential to cover both government organisations and certain public-facing private sector businesses (which may include certain organisations in banking, insurance, health, … Continue Reading ››
Recently Datonomy attended the second of two conferences
Draft ePrivacy Regulation on the horizon
Perhaps the headline news from the day was the strong support for the review of the ePrivacy Directive to result in the implementation of a new ePrivacy Regulation (therefore directly effective). It was argued the Regulation should extend the scope of the current ePrivacy Directive to cover new tech including, for example, OTT Providers, publically used private networks and the Internet of Things.
According to the European Commission
the draft proposal … Continue Reading ››
After more than 12 months of debate, the Investigatory Powers Bill (dubbed by the media, like all interception legislation, as the 'Snooper's Charter') passed through its final stages in the House of Lords on 16 November, granting the government surveillance powers described
by US whistle-blower Edward Snowden as "the most extreme … in the history of western democracy.”
The Bill is designed to future proof law enforcement powers in the face of ever-evolving forms of digital communication. It covers the following:
- General privacy protections
- Lawful interception of communications
- Authorisations for obtaining communications data
- Retention of communications data
- Equipment interference
- Bulk warrants
- Bulk personal dataset warrants
- Oversight arrangements
Upon receiving Royal Assent, the date of which is still unclear, the Bill will mark a major overhaul of the UK's regimes on communications data retention and law enforcement access rules. As Datonomy readers will be familiar, the new legislation has been under discussion for many years under successive governments … Continue Reading ››
The Information Commissioner's Office (ICO), the UK's data protection regulator, is cracking down on the online gambling sector's use of personal data to promote online gambling. It has contacted around 400 companies to threaten them with fines of up to £500,000 if they are found to be collecting and using personal data for marketing in a manner which does not comply with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR).
In its press release
, the ICO said it is writing to over 400 companies, all believed to be egaming marketing affiliates, demanding they set out how they use people’s personal details and send marketing texts, including where they got people’s personal information from and how many texts they sent.
What is the ICO worried about?
The ICO has expressed concern that the prolific use of affiliate marketing is resulting in a lack of accountability, … Continue Reading ››
Datonomy contributors have provided comments for this
interesting article by Ellie Burns of Computer Business Review about the data and security threats and challenges (but also opportunities) of virtual reality.
As part of our GDPR readiness webinar series, in this session we will look at the implications on the Executive Search and Recruitment Industry and challenges that the new Regulation (set to apply from 25 May 2018) presents. In particular we will look at the following:
- Who is caught by the Regulation
- What "consent" means and when do you need to get it. How this fits with existing marketing consent rules
- Rules on processing publicly available data as part of the recruitment process
- Notification obligations – what you need to tell candidates and potential candidates and when
- The risks of non-compliance
- Email correspondence
- Q&A Session
Speakers: Jenny Grogan (Senior Associate, Employment, Olswang), Joseph Blass (NotActivelyLooking.com) and Elle Todd (Partner and Head of Digital and Data, Olswang)
Date: Tuesday 8 November 2016
Time: 10am – 11am GMT
To register for this webinar please click here
If you have any questions regarding the webinar please contact the events team firstname.lastname@example.org