Last week, as part of Olswang's GDPR readiness and Talking Retail webinar series', lawyers from the firm's data protection and retail sector teams hosted a webinar looking at the implications of the GDPR on the use of data by the retail industry during an online transaction. In this session our speakers looked at the following:
- Targeted and non-targeted advertising
- Privacy policies
- Processing customer payment details
- Post purchase analysis
- Data breaches
- GDPR implementation
The webinar was hosted by Katie Nagy de Nagybaczon
, a partner in the Corporate Team, who focuses on the retail, eCommerce and technology sectors. The two speakers were:
- Sven Schonhofen, an associate in the Commercial Team of the Munich office. He specializes in advising clients in all areas of IT law, in particular on data protection law.
- Emily Dorotheou, an associate in the Commercial Team who has experience of working on procurement, technology and logistics contracts for a variety of retail and technology clients.
Please follow this … Continue Reading ››
After more than 12 months of debate, the Investigatory Powers Bill (dubbed by the media, like all interception legislation, as the 'Snooper's Charter') passed through its final stages in the House of Lords on 16 November, granting the government surveillance powers described
by US whistle-blower Edward Snowden as "the most extreme … in the history of western democracy.”
The Bill is designed to future proof law enforcement powers in the face of ever-evolving forms of digital communication. It covers the following:
- General privacy protections
- Lawful interception of communications
- Authorisations for obtaining communications data
- Retention of communications data
- Equipment interference
- Bulk warrants
- Bulk personal dataset warrants
- Oversight arrangements
Upon receiving Royal Assent, the date of which is still unclear, the Bill will mark a major overhaul of the UK's regimes on communications data retention and law enforcement access rules. As Datonomy readers will be familiar, the new legislation has been under discussion for many years under successive governments … Continue Reading ››
The Information Commissioner's Office (ICO), the UK's data protection regulator, is cracking down on the online gambling sector's use of personal data to promote online gambling. It has contacted around 400 companies to threaten them with fines of up to £500,000 if they are found to be collecting and using personal data for marketing in a manner which does not comply with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR).
In its press release
, the ICO said it is writing to over 400 companies, all believed to be egaming marketing affiliates, demanding they set out how they use people’s personal details and send marketing texts, including where they got people’s personal information from and how many texts they sent.
What is the ICO worried about?
The ICO has expressed concern that the prolific use of affiliate marketing is resulting in a lack of accountability, … Continue Reading ››
On 14 July 2016, the US Court of Appeals for the Second Circuit ruled that Microsoft cannot be forced by US law enforcement to hand over customer emails stored in its Ireland data centre. At stake were fundamental questions about privacy in the cloud. The decision has been hailed by the technology sector and privacy campaigners around the world as a global milestone for the advancement of laws balancing the legitimate interests of law enforcement and individuals' right to privacy. But what does a US Court decision about data on a server in Ireland mean for cloud in Asia? In this post, we look at the Court's decision and why it is good news for the whole cloud ecosystem in Asia.
What was the case about?
The case centred on a warrant issued by US law enforcement in a narcotics case. The warrant required Microsoft to hand over emails that were stored … Continue Reading ››
The new Prime Minister won't have welcomed the publication yesterday of the European Court of Justice (ECJ) advocate general's legal opinion
since it has potentially worrying implications for her Investigatory Powers Bill (dubbed by the media as the 'Snooper's Charter') and UK data transfers in a post-Brexit era.
In a case initiated by a member of her own cabinet (David Davis, now minister for Brexit resulting in him dropping his name from the action at the beginning of this week), Labour MP Tom Watson and others, the matter concerned the data retention obligations placed on electronic communications services under the Data Retention and Investigatory Powers Act (DRIPA). The ECJ case linked these proceedings with a Swedish case on a similar point.
First it is worth noting that the Advocate General's opinion is not
legally binding and is only a recommendation. However it is often followed by the ECJ and his comments … Continue Reading ››
With the fast-moving nature of automotive technology, there is no doubt that automotive transport is soon set to become very different. Connecting cars to the internet creates an opportunity for several new business models fed by thousands of apps and data flows, and autonomous connected cars will allow drivers to use the internet in a self-driving car in the same way as they would at home or at work. The use of data collected by machine learning algorithms allows these cars to deliver a personalised customer experience to drivers and passengers, however this creates privacy issues in relation to personal data usage, and the only way for the Internet of Things (IoT) to reach its full potential for innovation is by building consumer trust. The EU legal framework is developing in respect of data protection, particularly with the EU General Data Protection Regulation coming into force in 2018, and the … Continue Reading ››
In all the excitement last week over the European Parliament's approval of the General Data Protection Regulation
(GDPR) and the US Privacy Shield
, you may have missed that the European Commission published a consultation
on Monday 11 April regarding the ePrivacy Directive
. Don't worry though, here is what you need to know:
What is the purpose of the consultation?
The consultation forms part of the Commission's Digital Single Market (DSM) Strategy
and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent
requirement, so many people are likely to want to input. It also contains rules on breach notification
, consents for marketing by electronic means and use of traffic and location data
The Commission … Continue Reading ››