Summary The Irish High Court has made a preliminary reference to the Court of Justice of the European Union (“CJEU”), asking whether standard data protection clauses (“standard clauses”) are compatible with the legal rights of data subjects under EU law. Standard clauses are currently used as an appropriate safeguard to facilitate the transfer of personal data outside of the European Economic Area (the “EEA”). The reference to the CJEU comes despite previous decisions from the European Commission (the “Commission”) that have approved their use. It is worth noting that the reference does not invalidate the use of standard clauses for the moment. However, a judgment from the CJEU that does so would have implications for billions of euros worth of trade between the EU and the rest of the world. If the CJEU decides to render the use of standard clauses invalid, this would leave extremely limited scope for compliant data transfers … Continue Reading ››
The ICO on the 4th of July 2017 took a step forward with regards to privacy protection for the UK public from overseas data protection threats and risks, by publishing its first ever International Strategy document. This document supports the earlier ICO 'Information Rights Strategic Plan 2017 - 2021' document and is set to help the ICO meet overseas data protection challenges in a globalised world, including those in relation to key areas such as the GDPR and Brexit. The document sets out what the ICO sees as its main international concerns over the next four years, which are:
- Operating as an effective and influential data protection authority at European level while the UK remains a member of the EU and when the UK has left the EU, or during any transitional period.
- Maximising the ICO’s relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies.
- Ensuring that UK … Continue Reading ››
What's new? After more than 12 months of debate, the Investigatory Powers Bill (dubbed by the media, like all interception legislation, as the 'Snooper's Charter') passed through its final stages in the House of Lords on 16 November, granting the government surveillance powers described by US whistle-blower Edward Snowden as "the most extreme … in the history of western democracy.” The Bill is designed to future proof law enforcement powers in the face of ever-evolving forms of digital communication. It covers the following:
- General privacy protections
- Lawful interception of communications
- Authorisations for obtaining communications data
- Retention of communications data
- Equipment interference
- Bulk warrants
- Bulk personal dataset warrants
- Oversight arrangements
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
- Election special: It will be interesting to see what the new Conservative Government means for cybersecurity. The Conservative manifesto pledged to continue investment in cyber defence capabilities and improve response to cyber crime with reforms to police training (including the use of volunteer “Cyber Specials”). Datonomy will be looking out for new policy announcements - the state opening of Parliament and the Queen’s Speech will be on 27 May. In terms of ministerial appointments which may have a bearing on cyber policy, these include: Matt Hancock, who has replaced Francis Maude as Minister for the Cabinet Office, Oliver Letwin who is in overall charge of the Cabinet Office and Sajid Javid, the new Secretary of State for Business, Innovation and Skills.
- On 7 May the … Continue Reading ››
Although the UK's Information Commissioner handed out monetary penalties for serious breaches of the Data Protection Act for the first time this week, a new survey has suggested that UK consumers support even tougher sanctions for organisations that are guilty of losing personal data. In a poll of 5000 consumers, conducted for LogRhythm by OnePoll, 62 percent of consumers felt that organisations should receive large fines for data loss with 31 percent going as far as to suggest company directors should be subject to criminal proceedings. Further information about the survey and its findings can be found at the following URL: http://www.logrhythm.com/Company/PressReleases/UKsupportscompulsorydatalossdisclosure.aspx