By

Eleanor Dodding

13 February 2020

French CNIL Publishes Draft Guidance on Cookie Consent

On January 14, 2020, the French data protection authority, the CNIL, proposed a consultation on its draft recommendations on practical ways to collect website user consent for cookies and similar technologies (the “Recommendations”). The Recommendations follow the publication in July 2019 of updated guidance on cookies, including requirements for obtaining GDPR-standard consent, by various European data protection authorities, including the CNIL and the ICO (the latter guidance was reported by Data Matters here). The CNIL has since undertaken a consultation to develop practical methods to obtain user consent.

(more…)

EmailShare
09 January 2020

ICO Delays British Airways and Marriott GDPR Fines

Further to the publication of the ICO’s notices of intention to fine British Airways and Marriott in July 2019, the ICO has recently issued a statement delaying the issuance of both GDPR fines which had originally been expected by the end of 2019. (The ICO’s initial notices of intention to fine had stated that British Airways would face a fine of £183m ($228m) and Marriott, a fine of £99m ($123m). We reported on these here: British Airways and Marriott.)

(more…)

EmailShare
04 November 2019

Website Cookie Consent: Is the Cookie Starting to Crumble?

Two important decisions have recently occurred relating to website operators’ use of cookies.  First, the Court of Justice of the European Union (the “CJEU” or the “Court”) has issued its judgment in Planet49, a case which looked at the standards of consent and transparency for the use of cookies and similar technologies in the context of the e-Privacy Directive and the GDPR and determined that opt-out consent, by way of a pre-ticked checkbox, was insufficient to obtain GDPR-standard consent for non-essential cookies.  Second, the Spanish data protection authority, AEPD, fined Vueling, a Spanish airline, €30,000 for forcing visitors to its website to accept the use of non-essential cookies on their device in order to continue viewing the website.

We set out below our summaries and key takeaways from both decisions which help to highlight the latest approach of both the courts and European data protection regulators in relation to cookie consent.

(more…)

EmailShare
09 August 2019

UK ICO Issues New Draft Data Sharing Code of Practice

The UK’s Information Commissioner’s Office (“ICO”) has recently issued a draft version of its statutory code of practice for sharing of personal data between controllers under the GDPR and the UK Data Protection Act 2018 (“DPA”) (the “Draft Code”) which provides a number of practical recommendations which controllers should take into account when sharing personal data.

(more…)

EmailShare
24 July 2019

European Commission Publishes Ethics Guidelines for Trustworthy Artificial Intelligence

The High-Level Expert Group on Artificial Intelligence (“AI HLEG”), an independent expert group set up by the European Commission in June 2018 as part of its AI strategy, has published its final Ethics Guidelines for Trustworthy Artificial Intelligence (“AI”) (the “Guidelines”).

These Guidelines form part of a wider focus by the Commission on AI, with President-elect of the European Commission, Ursula von der Leyen commenting most recently on July 16, in her proposed political guidelines, that: “In my first 100 days in office, I will put forward legislation for a coordinated European approach on the human and ethical implications of Artificial Intelligence…”.

(more…)

EmailShare
17 July 2019

Another UK ICO GDPR Privacy Fine of £99m ($123m) Proposed Just One Day After the Largest Ever

Just a day after the ICO provided notice of its intention to fine British Airways £183m ($228m) over a separate breach (please see our blog post here), on Tuesday, July 9, 2019, the ICO released another statement of its intention to fine Marriott International, Inc. (“Marriott”) over £99m ($123m) in relation to a security incident affecting the Starwood reservation database which Marriott had acquired in 2016 and discovered in November 2018. The statement came in response to Marriott’s filing with the US Securities and Exchange Commission that the ICO intended to fine it for breaches of the GDPR.

(more…)

EmailShare
11 July 2019

UK ICO Publishes New Guidance on the Use of Cookies and Similar Technologies

On 3 July 2019, the UK’s Information Commissioner’s Office (“ICO”) published new guidance on cookies and similar technologies (“Guidance”) in conjunction with a new blog post: “Cookies – what does ‘good’ look like?” which aims to provide “myth-busting” advice on common cookies uncertainties. You can find a full copy of the new guidance here and a link to the ICO’s blog post here. With its new Guidance, the ICO has formally recognised the stricter standards of consent and transparency now in force under the GDPR.

(more…)

EmailShare
31 May 2019

GDPR: One Year On

The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“GDPR”) came into force. For most in privacy, involvement with the GDPR has been ongoing for well over this year, but on the first anniversary of the GDPR we take an opportunity to look back and reflect on where we are now in relation to some key areas of interest including enforcement action, privacy litigation, breach notification and developing guidance from the European Data Protection Board (“EDPB”).

(more…)

EmailShare
28 February 2019

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

The UK Financial Conduct Authority (“FCA”) has carried out a multi-firm review of cybersecurity practices with a sample of 20 firms in the wholesale banking and asset management sectors (the “Report”). The review aimed to look more closely at how wholesale banking and asset management firms oversee and manage their cybersecurity, including the extent to which firms identify and mitigate relevant cyber risks and their current capability to respond to and recover from data security incidents.

(more…)

EmailShare
28 January 2019

European Commission Provides a Summary of the GDPR so far for Data Protection Day 2019

On January 25, 2019, the European Commission published a statement to mark Data Protection Day (January 28, 2019) which, this year, comes eight months after the entry into force of the General Data Protection Regulation (“GDPR”) on May 25, 2018.

The statement indicates that the European Commission considers the GDPR to have had a positive effect, in particular because European citizens are now more conscious of the importance of data protection and of their rights. The European Commission also notes that the Data Protection Authorities (“DPAs”) are enforcing the new rules and better coordinating their actions in the European Data Protection Board. (more…)

EmailShare
XSLT Plugin by BMI Calculator