Habemus UK adequacy!

After many debates, lots of speculation, and negotiations, the Adequacy decisions for the United Kingdom have been approved and Personal Data can continue to flow freely from the EEA to the UK after 30 June 2021. In my opinion, it is both right and reasonable that the decisions have been adopted, given that the ...

UPDATE (II): “PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: A COLLECTION OF GUIDANCE ON COVID-19

In the evolving COVID-19 scenario in which business continuity also depends on adequate data protection and cybersecurity practices on the part of organizations, knowledge mapping of privacy & data protection guidance and cybersecurity best practices has taken on an even more important role. It’s for that very reason that, without the presumption of completeness, I ...

“Public health AND Privacy” and not “Public health OR Privacy”: A collection of Guidance on COVID-19

Below is an attempt (without the presumption of completeness) to map all the official resources providing guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the COVID-19 pandemic. I genuinely hope this will help in the effort of achieving "Public health AND Privacy"! Stay safe and ...

Successful kick-off of the Data Protection as a Corporate Social Responsibility project

Yesterday, 6 February 2020, the Data Protection as a Corporate Social Responsibility project kick-off meeting was held within the European Centre on Privacy and Cybersecurity (ECPC) within the Faculty of Law at Maastricht University.  The project aims to trigger virtuous data protection competition between companies by creating an environment that identifies and promotes data protection as ...

Brexit and data protection: What’s next?

On 12 December 2019 in the UK general election, Boris Johnson secured his position as UK Prime Minister, with his Conservative party winning its first substantial majority in decades. The results of the election have set the way for the UK to exit the European Union by its scheduled exit date of 31 January 2020.  The results ...

Facebook and the ICO reach agreement

Read the official statement from the ICO here. In 2017 ICO launched a formal investigation of the growing misuse of personal data in the context of political campaigns, after which in 2018, ICO fined Facebook for sum of GBP 500,000 for "suspected failings related to compliance with the UK data protection principles covering lawful ...

ICO’s report updates investigation into the use of data analytics in political campaigns

On 6 November 2018 the ICO published it's report to Parliament (Investigation into the use of data analytics in political campaigns A report to Parliament 6 November 2018). The detailed report serves as an update to the ICO's ongoing investigation into the use of data analytics for political purposes which commenced in May 2017 and whose ...

The risky practice of buying data

Ever more frequently organisations are buying lists for marketing purposes from data brokers without taking necessary data protection-related precautions. This is an extremely risky practice.  As the Information Commissioner's Office points out in it’s recent “Investigation into the use of data analytics in political campaigns Investigation update” report - (see pages 14-15) - organisations must ...

Brexit and the future of data transfers to the UK

On 29 March 2017 Theresa May, the Prime Minister of the United Kingdom, officially invoked Article 50 of the Treaty on European Union, effectively triggering Brexit.  But what does that mean for us as data protection and privacy experts and how will companies be affected by Brexit? The Lisbon Treaty establishes that countries exiting the EU ...