The UK’s Information Commissioner’s Office has, over the course of this week, published various notes of advice and blog posts to organisations and data subjects in respect of the coronavirus (COVID-19) pandemic.
The United Kingdom left the European Union at 11:00 pm on January 31, 2020. However, the UK has entered into transitional arrangements with the EU under which the existing data protection frameworks established by the GDPR, including the EU-US Privacy Shield, will continue to apply until December 31, 2020 (the period until […]
On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the controllership of said data. In short, the CJEU held that websites containing embedded third-party content can […]
UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]
The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]
With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete. While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]
On 30 May 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) published a report, reflecting on its experiences over the year since the introduction of the General Data Protection Regulation (2016/679) (GDPR) and sharing its learnings.
On 6 March 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) convened an adtech fact-finding forum of industry stakeholders, aimed at developing its understanding of the adtech ecosystem (with a particular focus on programmatic advertising and real-time bidding) and exploring key themes raised by adtech from a […]
On Thursday, October 18, Cooley’s cyber/data/ privacy practice will be holding GDPR DPO University in our New York office. The EU General Data Protection Regulation has required many organizations to appoint Data Protection Officers. With demand for DPOs far outstripping the supply, many newly-minted DPOs need to quickly develop data […]
Updated September 3, 2019 Our post on key updates to the LGPD can be found here The global data protection landscape continues to evolve, and Brazil is the latest country to enact an omnibus law governing how organizations collect, use, disclose and otherwise process personal data. Beginning on August 16, […]