Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
New BIPA Ruling: Dismissal of Claims Against Samsung Over its Face App Data - On July 24, 2024, a federal judge in Illinois dismissed the case GT v. Samsung Electronics America, Inc., in which a putative class of Samsung...more
The Information Commissioner's Office (the "ICO") has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance...more
Healthcare sector organisations are increasingly deploying new technologies that use large amounts of personal information to support both direct care and secondary purposes, such as planning and research. Although these...more
Understanding the ICO’s approach to assessing financial penalties should be a key element of an organisation’s data protection strategy and risk profile. In an era when data protection infringements can tarnish business...more
The UK Information Commissioner’s Office (ICO) has recently published an update on its enforcement efforts in respect of website cookie compliance. It follows a letter the ICO sent in November 2023 to 53 of the top 100 UK...more
There’s so much activity around generative AI! This is a hot topic for us data privacy folks as it presents new challenges for the protection of personal data. Call us sad, but we get very excited about it!...more
This blog notes some of the key features of the Addendum. At its core, the Addendum can be used in relation to both controller BCRs and processor BCRs. Organisations then have a choice as to whether they use the Addendum in...more
The United Kingdom’s Information Commissioner’s Office recently issued guidance on how to keep employment records. This is good advise for employers beyond Europe (and particularly in California). The data retention...more
On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner1, in which it upheld an earlier High Court ruling that the UK’s data...more
The Information Commissioner’s Office (ICO), the personal data protection authority in the United Kingdom (UK), is running a public consultation on its draft guidance on biometric data which covers the requirements under the...more
On October 3, 2023, the UK Information Commissioner’s Office (ICO) published updated guidance on monitoring workers. The guidance is designed to help employers think about what they might need to consider under the UK General...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
The ICO has issued a draft guidance on using biometric data and technologies. Who is the guidance aimed at? If your organisation develops or uses biometric technologies, you should familiarise yourself with this guidance....more
Under UK data protection legislation, individuals, also called “data subjects”, have the right to make a data subject access request (DSAR) to organisations that “process” their personal data. Similar rights are required by...more
In recent years, the gambling industry has seen significant growth, with online betting and gaming platforms becoming increasingly popular. However, this rapid expansion has also raised concerns about the potential for money...more
I recently had the chance to visit with Jonathan Armstrong on a recent data breach case that occurred in the health service provider NHS Lanarkshire (Scotland) during the COVID-19 pandemic. This breach serves as a stark...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
The UK Information Commissioner’s Office (“ICO”) has published a report on the evolving nature of neurotechnology and its implications for data protection laws. The report highlights the risks of neurotechnology and sets the...more
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
A challenging economic situation is prompting contentious staffing decisions. The rise of hybrid work has led employers to generate more information in more places about employees. Against this backdrop, more employees are...more
The UK ICO has provided guidance for employers on responding to employee subject access requests. Although much of the content reflects existing guidance, it deals specifically with issues such as requests made in the context...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily...more