What’s happened? Schrems strikes again. We’re all going to have to find new ways to protect transfers of data to the US – or stop doing it. The ECJ today invalidated the Privacy Shield framework that was cobbled together in 2015 after the ECJ struck down Safe Habour in response to the original lawsuit Max … Continue reading Privacy Shield is dead. Now what?
In the midst of a global pandemic it’s easy to lose sight of any other news stories. Especially when the story in question is not news, but olds. Brexit is, like, so pre-Covid. But Brexit is still happening, and hidden beneath it is a potential elephant trap for anyone in the UK who trades digitally with Europe. The transition … Continue reading Brexit: six months and counting
This is more of a reminder than anything else. I've already blogged about the risks of a hard Brexit from a data protection compliance perspective, and we've featured it in our October newsletter at Securys. But now the ICO has also said similar things, and the government is moving to "full hard-Brexit preparation". So it's … Continue reading Hard Brexit preparation
We were worried this was going to happen. So much so that we flagged it in our October newsletter. This is section 25 of the European Commission's current draft contingency plan for a no-deal Brexit: Personal data25 In the case of a no deal scenario, as of the withdrawal date, the transfer of personal data … Continue reading Well, there you go. We’re inadequate.
Finally, we begin to see some enforcement of the Regulation we all worked so hard to be ready for by May. The ICO has sent an enforcement notice to - of all people - a Canadian data firm linked to the Brexit vote micro-targeting scandal. The regulator contends that AggregateIQ obtained and processed data without … Continue reading Boom! It begins. ICO posts first GDPR enforcement notice.
Here's another thing people are getting wrong. Just because your data isn't stored inside the EEA - wait, you thought it had to be inside the EU? wrong! - doesn't mean you should panic and repatriate it. What you need to do is check whether wherever you've put it has an adequacy decision. A what? … Continue reading Where’s your data? (Second reprise)
What is it? Despite the name, it’s not a feminine hygiene product. It’s the long-awaited replacement for Safe Harbour, the data protection scheme allowing data on EU citizens to be exported to the US for processing. You can read more on this blog about why Safe Harbour needed replacing. When does it take effect? It … Continue reading Privacy Shield – (some of) what you need to know
Bremain or Brexit? This isn’t a political blog, but it’s worth reminding ourselves of June 23rd’s implications for IT & cyber-security. Privacy and personal data Even if we leave the EU, we’ll still have to implement the General Data Protection Regulation, only to have to re-invent it later. If we want to trade with the … Continue reading In or out – the tech perspective
Just a snippet: Experian, the consumer credit rating agency, is touting itself as the next big thing in targeted marketing. Combine your credit history with some recent transaction data and the claim is they’ll be able to predict your future shopping activity. All sounds a bit Big Brother? Sure, and if you’re in advertising or … Continue reading Stifling innovation or protecting privacy?
Microsoft and Amazon have both revealed that they are building data centres in the EU. In Microsoft’s case, Deutsche Telekom will be the data “trustee”; I assume this is in part an anticipatory response to the ongoing Stored Communications Act lawsuit presently in progress in Dublin (in brief, a case to determine whether US government … Continue reading Death of the internet or birth of better privacy?
A bigger picture 