Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: Information Commissioner’s Office

Posted in Policy & Regulation Photo of Katie McMullan

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.  The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance. Since the EU legislators shocked the internet world a decade ago by changing the legal requirement for the use of cookies and similar technologies from “notice and opt-out” to “notice and consent”, many businesses have struggled to find a way to

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

Thinking Strategically About Brexit and Data Protection

To date, the main legacy of the Brexit referendum of 2016 appears to be a country split in half: some badly wish the UK would continue to be a member of the EU and some are equally keen on making a move. Yet, there seems to be at least one thing on which Remainers and Leavers will agree: nobody knows exactly what is going to happen. The same is true of the effect of Brexit on UK data protection. However, as Brexit day approaches, it is becoming imperative for those

Posted in Data Protection & Privacy Photo of Sam Choi

UK Parliament Passes New Digital Economy Act

The Digital Economy Bill passed into UK law last Thursday 27 April 2017 amidst the flurry of activity known as the “wash up” period before the dissolution of Parliament and ahead of the early general election in the UK to be held on 8 June. The Digital Economy Act introduces measures to “modernise the UK for enterprise,” and includes plans for public sector data sharing, direct marketing and age verification for online pornography, amongst other measures. An overview of these measures is set forth in this post. As most of

Posted in Data Protection & Privacy Photo of Mac Macmillan

UK ICO Requests Input for Guidance on GDPR Profiling Requirements

The UK ICO has published what it describes as a feedback request on profiling and automated decision-making, with the intention that responses will “help inform the UK’s contribution to the WP29 guidelines due to be published later this year.” Given the growing importance of profiling to most businesses,  companies should consider whether they wish to contribute their views, particularly on areas where they consider more guidance is needed on what GDPR’s requirements mean in practical terms. For example, the GDPR focuses on profiling that has a “legal” or “significant” effect,

Posted in Data Protection & Privacy Photo of Mac MacmillanPhoto of Sam Choi

ICO Issues Fine for Marketing Emails Disguised as Service Messages

The Information Commissioner’s Office (ICO) has issued a £70,000 fine against Flybe and a £13,000 fine against Honda Motor Europe Ltd for breaching Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) by sending emails requesting individuals to update their marketing preferences. The two cases confirm that: the interpretation by the ICO of what constitutes “marketing material” is very wide; and the ICO will take enforcement action against organisations that seek to circumvent the rules on direct marketing by disguising marketing messages as service messages. Flybe sent emails with

Posted in Data Protection & Privacy Photo of Mac Macmillan

UK ICO Publishes Guidance on Consent Under GDPR

The UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year, but reading the guidance makes it clear why the ICO decided to prioritise it: many of the practices which it identifies as unacceptable are fairly common in the UK, meaning many companies are going to have to re-think their approach to legitimising their data processing. A few examples: The new guidance states: “name your

Posted in Data Protection & Privacy Photo of Victoria Hordern

Health Company Fined by UK’s Information Commissioner Office

Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure. In this instance, several data protection compliance issues were at stake – HCA had engaged a subcontractor based in India to process sensitive personal data without putting an agreement in place that met the requirements of the Data Protection Act 1998 (DPA) and without taking steps to ensure an adequate level of protection for data transferred outside the EU. One

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue. The UK data protection regulator (the “ICO”) has for some time been actively enforcing against organisations who buy individuals’ personal data for direct marketing purposes without first conducting appropriate due diligence