The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used...more
On 3 October 2023, the UK’s Information Commissioner’s Office (ICO) published new guidance on workplace monitoring. The previous guidance was issued in 2011, as part of the ICO’s Employment Practices Code, and was badly in...more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more
What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection? “There is an opportunity for market participants to move towards developing...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity. Key Points- •Given...more
On December 17, 2020, the UK Information Commissioner’s Office (‘ICO’) published its Data Sharing Code of Practice (the ‘Code’) following a public consultation which commenced in 2019. The Code focuses mainly on data sharing...more
On January 21, 2020, the UK ICO published the final version of its Age Appropriate Design Code (the “Design Code”), which sets out 15 standards that online services should meet to protect children’s privacy....more
The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways: Genetic Data- Genetic analysis that includes enough...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
The United Kingdom’s Information Commissioners Office (ICO) has issued, for public consultation, draft guidelines for data sharing that—once adopted —will govern all controller-to-controller data sharing agreements which are...more
The UK Information Commissioner’s Office has issued a data sharing code of conduct for public consultation. Key takeaways: When considering sharing data, assess your overall compliance with the data protection...more
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now. As a...more
In recent months, the Office of the Information Commissioner of the UK (“ICO”) has been looking into how personal data is used in real time bidding (“RTB”) in programmatic advertising, involving key stakeholders, including in...more
The UK Data Protection Authority, the Information Commissioner’s Office (ICO), has published an update report on privacy issues around real-time bidding (RTB) and programmatic advertising. ...more
A Data Protection Impact Assessment (DPIA) is a process, required by the EU General Data Protection Regulation (GDPR), to help identify and minimize the data protection risks of a project....more
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies...more