Included in this issue of data protection and privacy news:  Business as usual for data protection? Changes may be on the horizon...; ICO publishes final Age Appropriate Design Code; CDEI calls for overhaul of social media regulation following analysis of public attitude and more...


Business as usual for data protection? Changes may be on the horizon...

During the Brexit transition period, it has been confirmed that it will be business as usual for data protection, with GDPR continuing to apply. 

Companies and organisations that process personal data are still obliged to follow the ICO's existing guidance and of course legislation in relation to their data protection obligations. Importantly for now, if they offer goods or services to individuals within the EU, then they do not need to appoint a European representative. 

The UK's continued and consistent approach to GDPR compliance supports the case for UK's application for adequacy status in relation to the transfers of data outside the EEA. However, the Government earlier this week potentially put this into question as Boris Johnson released a statement revealing that the data protection framework post-Brexit will not necessarily follow that of the EU. 

ICO publishes final Age Appropriate Design Code

The ICO has published its final Age Appropriate Design Code, a statutory code which sets out standards to protect children's privacy online. 

The standards, rooted in the GDPR, are aimed at those responsible for designing, developing or providing online services such as social media platforms, online games and connected toys and covers services likely to be accessed by children were their personal data is processed. 

Digital services will be required to automatically provide children with a built-in baseline of data protection, location settings should be switched off by default, nudge techniques should not be used to encourage children to weaken their settings and data collection and sharing should be minimised. 

The Code is the first to be seen in this area, however, the USA, Europe and the Organisation for Economic Co-operation and Development are currently considering reform. 

CDEI calls for overhaul of social media regulation following analysis of public attitude 

The Centre for Data Ethics and Innovation (CDEI), the UK's independent advisory body on the ethical use of AI and data driven technology, has revealed strong public support for greater regulation of online platforms following a year long review of online targeting systems. 

In line with the trends seen across the data protection landscape, the CDEI's published recommendations emphasise an increase in accountability and transparency of online platforms and empowering users to take control of how they are targeted. These include new systematic regulation of online targeting systems, powers to compel platforms to allow independent researchers access to their data and steps to assist long-term wholesale reform of online targeting to allow individuals greater control.

UK government allows Huawei to have limited role in the UK's 5G network

Chinese technology company, Huawei, has been given a limited role in the UK's 5G network despite security concerns from other countries. 

The UK government has issued conditions to Huawei, which see Huawei excluded from all safety related and safety critical networks and sensitive geographic locations as well as a 35% cap on the periphery of the 5G network.

Dominic Rabb, the Foreign Secretary, has said the decisions "would have no impact on intelligence sharing with key allies such as the US, Canada, Australia and New Zealand", however a senior Trump administration official has stated that the US director of national intelligence will need to conduct a thorough review of US-UK intelligence sharing. 

ISA fines Eni Gas E Luce EUR 11.5m for unsolicited telemarketing and contracts

The Italian Supervisory Authority (ISA) has issued Eni Gas and Luce (Egl) two fines totalling EUR 11.5m for unsolicited telemarketing and contracts. 

A fine of EUR 8.5m was imposed for unlawful processing in connection with telemarketing and teleselling activities after the ISA received numerous complaints when GDPR came into force. 

The second fine of EUR 3m was imposed for breaches of unsolicited contracts for the supply of electricity and gas under free market conditions following complaints from many individuals that they were only aware of a new contract on receiving a letter of termination from the previous supplier of their first Egl bill. 

The ISA has ordered Egl to take several corrective measures within a set timeframe and pay the fines within 30 days.

Whitepaper highlights the need for greater cyber security in retail

Axis Communications, a leader in manufacturing of network video technology, has published a whitepaper highlighting the need for greater cyber security in retail.

Attacks from cyber criminals has grown for those retailers with inadequately secured systems, with 19 significant data breaches reported in the last 12 months. 

The whitepaper also stresses the importance of protection against system vulnerabilities by working with trusted vendors who install technology that is "Secure by Default".

Key Contacts

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile