The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
In what will be a surprise move to many, the ICO has issued a statement to UK public electronic communications service providers ("CSPs") regulated by the Privacy and Electronic Communications Regulations 2003 (known as...more
The Information Commissioner's Office (ICO) has published new guidance on direct marketing using electronic mail and live calls, aimed at providing a more detailed overview of the rules on direct marketing as well as...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection? “There is an opportunity for market participants to move towards developing...more
On 10 September 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a...more
The United Kingdom’s Information Commissioner’s Office (ICO) finalized a new Code of Practice (the Code) in September 2020, which applies to most companies that offer online services to or otherwise collect personal data from...more
Recent M&A deals the teams have worked on involving insolvent corporates have highlighted the challenges which exist around the transfer of customer lists and databases, which are often a significant asset for the buyer. ...more
In a recently published blog, the Information Commissioner’s Office (“ICO”) provided an update on its review of the adtech sector and noted that, whilst two key organisations are starting to make changes and many have engaged...more
“Business as usual” for UK-EU data protection transition in 2020. On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January...more
States Consider Privacy and Data Security Legislation - It’s that time of year again, when we see a flood of legislative activity at the state level on privacy and data security laws. A couple of recent examples are below....more
Cookies are files of information which a provider of an online service, such as a website operator, can store on a user’s device. On subsequent visits, the website can access information stored in the cookies to tailor the...more
Probably not. A cookie can qualify as “personal data” under GDPR when it can be linked to an individual person. Even in instances where a cookie cannot be linked, it is still governed by the ePrivacy Directive and...more
On June 20, 2019, the UK's Data Protection Authority (ICO) published a report on adtech and real-time bidding. The report highlights the main problems faced by the industry when applying the General Data Protection...more
On 17 December 2018, new Regulations came into force meaning that company directors and other corporate officers may be personally fined up to £500,000 for their company’s nuisance calls and similar serious breaches of the...more
Prior to the “Brexit” vote in 2016, the pro-Brexit campaign, Vote Leave, sent almost 200,000 unsolicited texts in violation of the Privacy and Electronic Communications Regulations (PECR), according to a recent settlement it...more
In an ironic twist, the British Information Commissioner’s Office (ICO) recently fined a Brexit advocacy group for violating regulations issued under an EU directive. The fines, totaling £120,000, were levied against...more
The U.K. data protection authority recently fined a lead generation company £90,000 ($118,000) for a 2017 unsolicited email marketing campaign. The company, Boost Finance Ltd, sent over 4 million emails promoting pre-paid...more
As previously discussed, the General Data Policy Regulations (GDPR) created heightened consent standards for companies processing and sharing personal data of EU data subjects. When processing personal data under the GDPR,...more
Following the European Commission and European Parliament’s proposed versions of the EU Regulation on Privacy and Electronic Communications (the ePR), we are now waiting for the Council of the European Union to agree their...more