Privacy Update for the 11th January 2020

Following an ongoing battle of 6 years (Schrems II), the Advocate General’s Opinion is that standard contractual clauses for the transfer of personal data to processors established in third countries are valid.

Whilst not legally binding, the Advocate General’s opinion holds weight with the CJEU judges, who will rule in the coming months and follow advisers’ recommendations in four out of five cases.

ICO news

In late December the ICO announced its first fine under GDPR. Doorstep Dispensaree Ltd., a company running a pharmacy based in Edgware in London, was fined £275,000. The ICO also issued an Enforcement Notice against the company requiring it to undertake a program of work to improve its data protection compliance within 3 months.

The ICO also agreed to extend the process relating to its proposed fines to BA (£183m) and Marriott (£99m) until 31 March 2020.

ICO fines DSG (Currys PC World and Dixons Travel) the maximum £500,000 (just pre-GDPR) fine for security failings leading to unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.  

The ICO has moved a step closer to a certification scheme.

ICO updates its approach to the advertising industry although no action imminent.

ICO launches consultations on the draft right of access guidance and draft direct marketing code of practice.

Other news

Norwegian DPA fines the City of Oslo 49,300 for having stored patient data outside the electronic health record system at the city’s nursing homes/health centres from 2007 to November 2018.

Swedish DPA fines €35,000 for carrying out credit information activity in a way that is not in compliance with the law.

UK tribunal rules Ethical veganism is philosophical belief putting it in the special category data status for GDPR.

Travelex suffers ransomware attack leading to computer system going down and  – impacts foreign currency across a number of UK banks.

Equifax fights UK opt-out class action.

UK Cabinet Office publishes home addresses of over 1,000 New Year’s Honours recipients including more than a dozen MoD employees and senior counter-terrorism officers.

Several of the biggest tech companies at CES in Las Vegas this week are putting a special emphasis on user privacy.

Twitter and Microsoft show data privacy is moving from sticking point to selling point.

LifeLabs reveals data breach, possibly affecting up to 15 million Canadians.

Facebook Admits to Location Tracking, Ignoring Privacy Settings.

EU opens door to California data transfer deal.

CNIL requests schools to amend the use of CCTV. (In French)

France’s Constitutional Court has ruled the government can use social media to detect tax avoidance.

Amazons’ Ring camera in the spotlight – Ring rolls out ‘privacy dashboard’ and Amazon axes multiple workers who secretly snooped on netizens’ surveillance camera footage.

Federal Trade Commission Chairman Joe Simons says the time has come for Congress to consider passing a federal privacy law.

Previous Privacy Updates can be found here.

Leave a Comment

Your email address will not be published. Required fields are marked *