Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
On December 12 2024 the ICO published an outcomes report on its 2024 generative AI consultation series (the Report). The Report addresses five key areas regarding generative AI and its relation to data protection: -...more
On 5 September 2024, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO), and the UK National Crime Agency (NCA) signed a Memorandum of Understanding (MoU) outlining how they will further collaborate...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
On 17 November 2022, the Information Commissioner's Office (“ICO”) announced that it has updated its guidance on international data transfers. In its announcement, the ICO outlined its intention to “clarify an alternative...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
Hogan Lovells’ Privacy and Cybersecurity team have made a formal submission to the Information Commissioner’s Office consultation on how organisations can continue to protect people’s personal data when it is transferred...more
On June 7, 2021, the European Commission (Commission) published its long-awaited Implementing Decision adopting standard contractual clauses for the transfer of personal data to third countries referred to as the new Standard...more
Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core...more
The UK has left the European Union (EU), the transition period is over, the UK and EU have agreed a new Trade and Cooperation Agreement (the TCA), so what now for data protection? We look at the key consequences of Brexit for...more
13 January 2021 – EU supervisory authorities response to UK cross-border transfers - Following the finalisation of the TCA, a number of supervisory authorities in the EU issued statements in response. In addition, on 13...more
With the end of the Brexit transition period rapidly approaching and the United Kingdom (UK) poised to become a “third country” after it leaves the European Union (EU), the UK and the EU have yet to reach any “deal” on how...more
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
At £20 million, the fine imposed on British Airways (BA) for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO)....more
Following its Guidance issued on April 6, 2020, the Irish Data Protection Commission signaled its intent to begin enforcement against companies who fail to adhere to the Commission’s guidelines on the use and management of...more
As lockdown restrictions ease and businesses begin to reopen, the UK Information Commissioner's Office (ICO) has set out the key steps organizations need to consider around the use of personal information. They are:...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - Cybersecurity Standards Issued for Government Contractors - On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
We expect national and international privacy regulators to take a pragmatic and reasonable approach to helping organisations navigate data protection compliance during the current COVID-19 crisis. This week, both the European...more
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more
As highlighted by our new Privacy 2040 initiative, there have never been more opportunities to shape the existing and future privacy and cybersecurity legal framework. ...more
Now that Exit Day on 31st January is drawing close attention is focussing on what will happen during the transition period that will run from 31St January until the end of the year. ...more
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more
Any doubt that the world of data protection changed profoundly when the European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, were solidly dispelled when the United Kingdom’s Information...more
On 8 July 2019, the U.K. Information Commissioner’s Office (ICO) issued a Notice of Intent to fine British Airways (BA) £183.39 million (approximately $232 million). While the Notice of Intent, as the name suggests, is not a...more