On the 1st of August a hugely popular website, Reddit, announced that it had been hacked. If you’ve not seen it, Reddit is a vaguely social network (explored further below) where registered members can post links, news and discuss almost anything on a series of message boards. Users need an email address and password but are seemingly anonymous …
One of the key aspects of data protection law is the concept of Data Controllers and Data Processors. In advance of the GDPR enforcement date (25th May), many organisations are seeking to review, update and amend their agreements with suppliers and partners, to ensure that the documentation doesn’t undermine their compliance with GDPR. For GDPR …
Unless you have been living under a rock for the past few weeks, you will have noticed that Facebook’s business practices have been coming under the microscope of public scrutiny. It’s been well-known for a long time among the data protection and marketing communities that Facebook operates by harvesting, generating and acquiring large amounts of …
Facebook and ‘CA’ – not Cambridge Analytica, but Custom AudiencesRead More »
Under powers granted under the DPA 1998, organisations that process personal data had fees levied to fund the ICO’s data protection work unless they were exempt. When GDPR comes into force on 25th May 2018, this will change. The Existing System Under the existing fee structure, most organisations, including charities are required to pay a …
Not App-y Last week, Digital Minister Matt Hancock MP, released an app aimed at members of his constituency, to help them engage and raise subjects of interest with him as their MP. However, within a few hours of its release, it became evident that the app had major flaws which posed a threat to privacy …
As the countdown to the GDPR enforcement date ticks away, organisations are starting to get to grips with their data protection responsibilities. However, a common theme is emerging at conferences, in online discussions and at meetings – the challenges of finding the “right” answers. Data protection law is not a checklist of actions, or a …
The right of an individual to be told whether an organisation is processing their personal data and be given access to that data (“subject access”) is a significant one in data protection law, and was the most common type of concern reported to the ICO in 2016/17. Following the resolution of the legal cases dealing …
Changes to the ICO Subject Access Code of PracticeRead More »
On 27th March 2017, the ICO issued Monetary Penalty Notices to Honda and Flybe, having determined that their approaches to confirming customers’ contact details and marketing preferences were not compliant with PECR (The Privacy & Electronic Communications Regulations 2003). Since these fines were issued, there has been some concern about whether this means that verification …
Updating consent – implications of the Flybe and Honda finesRead More »