Search Results for: Data sharing

The Farage Bank Row: The Power of the GDPR Subject Access Right? 

Dame Alison Rose, the CEO of NatWest, resigned on Wednesday morning after being accused of leaking information on Nigel Farage’s bank account to the BBC. Following a GDPR subject access request, the ex-UKIP leader received information from the bank that contradicted its justification for downgrading his account. Some say that this incident highlights the power … Continue reading “The Farage Bank Row: The Power of the GDPR Subject Access Right? “

The California Consumer Privacy Act (CCPA) and the CPRA: What’s Changed? 

Californian privacy law is about to change once again thanks to the California Privacy Rights Act (CPRA) which will become fully enforceable on 1st July 2023.  The current law is set out in the California Consumer Privacy Act (CCPA) which has been in force since 1st July 2020. CCPA regulates the processing of California consumers’ personal data, regardless of where … Continue reading “The California Consumer Privacy Act (CCPA) and the CPRA: What’s Changed? “

The State of US Privacy Law in 2023 

The United States is making substantial progress on privacy law. Six states have passed comprehensive data protection bills (with at least two more likely to follow) and five of these take effect throughout 2023.   One of the most significant changes to US privacy law comes in the form of the California Privacy Rights Act (CPRA) … Continue reading “The State of US Privacy Law in 2023 “

The TikTok GDPR Fine

In recent months, TikTok has been accused of aggressive data harvesting and poor security issues. A number of governments have now taken a view that the video sharing platform represents an unacceptable risk that enables Chinese government surveillance. In March, UK government ministers were banned from using the TikTok app on their work phones. The United States, Canada, Belgium and … Continue reading “The TikTok GDPR Fine”

TikTok Faces a £27 Million GDPR Fine

On 26 September 2022, TikTok was issued with a Notice of Intent under the GDPR by the Information Commissioner’s Office (ICO). The video-sharing platform faces a £27 million fine after an ICO investigation found that the company may have breached UK data protection law.   The notice sets out the ICO’s provisional view that TikTok breached … Continue reading “TikTok Faces a £27 Million GDPR Fine”

A New GDPR Fine and a New ICO Enforcement Approach

Since May 25th 2018, the Information Commissioner’s Office (ICO) has issued ten GDPR fines. The latest was issued on 30th June 2022 to Tavistock and Portman NHS Foundation Trust for £78,400. The Trust had accidentally revealing 1,781 adult gender identity patients’ email addresses when sending out an email. This is the second ICO fine issued to a Data Controller in these circumstances. In … Continue reading “A New GDPR Fine and a New ICO Enforcement Approach”

Three New GDPR Workshops from Act Now Training

Act Now Training is pleased to announce three new additions to our GDPR workshop series.  Data ethics is increasingly relevant to the role of information professionals. Just because the processing of personal data is lawful does not make it fair or ‘ethical’. And indeed, where something is fair it does not always mean it is lawful. … Continue reading “Three New GDPR Workshops from Act Now Training”

Act Now Training Wins IRMS Award

Act Now Training is proud to announce that it has won the Information and Records Management Society (IRMS) Supplier of the year award for 2021. The awards ceremony took place on Monday night at the IRMS Conference in Birmingham. Act Now was also nominated for two others awards. Congratulations to all the other winners. Ibrahim … Continue reading “Act Now Training Wins IRMS Award”

Lloyd v Google: What DPOs need to know

Last week, the UK Supreme Court handed down its much anticipated judgement in the case of Lloyd v Google LLC [2021] UKSC 50. It is a significant case because it answers two important questions (1) whether US style class action lawsuits can be brought for data protection claims and (2) whether damages can be claimed for … Continue reading “Lloyd v Google: What DPOs need to know”

Law Enforcement Processing and the Meaning of “authorised by law”

In October, there was a decision in the Scottish courts which will be of interest to data protection practitioners and lawyers when interpreting Part 3 of the Data Protection Act 2018 (law enforcement processing)  and more generally the UK GDPR. The General Teaching Council For Scotland v The Chief Constable of The Police Service of Scotland could fairly be described as … Continue reading “Law Enforcement Processing and the Meaning of “authorised by law””