Privacy Update 13th September 2019

In this week’s news:

• The interaction of Data Protection and the UK Government – ICO to probe government over Gov.uk data collection plan.

• The ICO has urged businesses to “prepare for all scenarios” as it publishes dedicated guidance to help small and medium sized organisations prepare.

• Report finds 48% of UK businesses are fully compliant with GDPR.  I suspect it’s close to 0% as its unlikely any organisation will be fully compliant with GDPR.

• Lawyers accuse BA of ‘swerving responsibility’ for data breach after time limit is imposed for compensation claims.

• US Appeals court: LinkedIn can’t block public profile data scraping.

•  IBM-Ponemon “Cost of a Data Breach”  report.
  • Currently, the average length of a data breach lifecycle is 279 days, or slightly more than 9 months. This figure has increased 4.9% from the figure of 266 days in 2018.
  • The report outlines the various “cost amplifiers” of a data breach before examining some of the “cost mitigators”.

• EPIC has released a detailed analysis of the privacy bills in the US Congress and finds they lack basic elements.

• Today sees the last day that amendments to the California Consumer Privacy Act can be voted on before the legislative session closes. The Governor of California then has until October 13^th to sign these into law for an effective date of 1^st January 2020.

• California prohibits the use of facial recognition on a camera worn or carried by a police officer in California for three years.

• Facebook outlines its view on the way forward on data portability and privacy.

• Privacy Shield enters its 3^rd annual review in the shadow of Schrems 2.

• CEOs beg for US-wide federal privacy law… to protect their businesses from state privacy laws.

• Morocco’s data protection agency mandates a 7 month moratorium on facial recognition. (in French)

• Data State Inspectorate of Latvia imposes a financial penalty of 7000 euros against online retailer, citing non-cooperation with the DPA and non-compliance with erasure rights.

• The European Commission will report in 2020 on the 11 adequacy decisions adopted under the Data Protection Directive 95/46/EC.

Earlier Privacy Updates can be found here.