Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner1, in which it upheld an earlier High Court ruling that the UK’s data...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
On 17 November 2022, the Information Commissioner's Office (“ICO”) announced that it has updated its guidance on international data transfers. In its announcement, the ICO outlined its intention to “clarify an alternative...more
In a joint letter this summer, the UK’s data protection regulator (the ICO) and the UK’s National Cyber Security Centre (the NCSC) sought to convey some key messages to the legal profession relevant to advising clients...more
On 18 July 2022 the Data Protection and Digital Information Bill (the Bill) was introduced for discussion into parliament, in one of the UK's first drives towards data protection reform after Brexit....more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
On September 10, the U.K. government launched a consultation “Data: A New Direction” (Consultation), which proposes significant changes to the U.K.’s data protection framework. The U.K. government has signalled its...more
Since the General Data Protection Regulations ("GDPR") came into force in 2018, companies in the United Kingdom (UK) that have suffered cybersecurity attacks often face civil claims from individuals whose data has been...more
With the end of the Brexit transition period rapidly approaching and the United Kingdom (UK) poised to become a “third country” after it leaves the European Union (EU), the UK and the EU have yet to reach any “deal” on how...more
Hot on the heels of the £20 million fine issued to British Airways, the Information Commissioner’s Office (“ICO“) has issued Marriott International Inc. (“Marriott“) with a long-awaited penalty notice for its failure to...more
Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of...more
On 30 October 2020, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO) issued a final penalty notice (Penalty Notice) to fine the hotel chain Marriott International, Inc. (Marriott) for a GDPR data...more
The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history. In August 2018, British Airways (BA) was subject to a cyberattack which breached the...more
On April 15, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority, issued further guidance on its regulatory approach during the global COVID-19 pandemic. Following its March note that we...more
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more
As the United Kingdom (UK) rapidly approaches a potential exit (BREXIT) from the European Union (EU), confusion abounds as to the applicability of the revolutionary data privacy rules of the EU’s General Data Protection...more
Now that Exit Day on 31st January is drawing close attention is focussing on what will happen during the transition period that will run from 31St January until the end of the year. ...more
The other GDPR shoe has dropped… with the European data protection law being enforced against a Canadian company. Since the sweeping law went into effect on May 25, 2018, the digital world has been waiting for enforcement...more
The General Data Protection Regulation (GDPR) imposes strict obligations upon organizations that process the “personal data” of European individuals. Failure to comply with GDPR can result in large fines. The UK’s Information...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss Poland's potential exemptions from the new EU data law and the Office of the Comptroller of the Currency's recommendations for U.S. banks faced with...more
TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority). Significantly the fine was imposed after a...more