Right my wrongs

As the Information Commissioner’s Office conducts the fourth part of its consultation on generative AI and data protection focusing on data subject rights, ‘engineering individual rights into generative AI models’, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response, as well as highlighting areas not currently addressed in the draft guidance.

Nicola Cain9 June 2024Data Protection, PERSONAL DATA, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, Information Commissioner, Information Commissioner's Office, ICO, Data Subject Rights, SUBJECT ACCESS REQUEST, DATA SUBJECT ACCESS REQUEST, Data Subject Rights Request, Article 12 UK GDPR, ARTICLE 12(5) UK GDPR, Article 12 GDPR, Article 12(5) GDPR, Article 13 UK GDPR, Article 13 GDPR, Article 14 UK GDPR, Article 14 GDPR, Article 14(5)(b) UK GDPR, Article 14(5)(b) GDPR, Article 15 UK GDPR, Article 15 GDPR, Article 16 UK GDPR, Article 16 GDPR, Right to Rectification, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be Forgotten, RTBF, Article 18 UK GDPR, Article 18 GDPR, Right to restriction of processing, Article 19 UK GDPR, Article 19 GDPR, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Web Scraping, AI Training, AI Training Data, AI Transparency, AI Regulation, Generative AI & Data Protection, Engineering Individual Rights into Generative AI Models, Privacy Notice, Privacy PolicyComment

Scraping together a lawful basis

As the Information Commissioner’s Office consults on the lawful basis for web scraping by AI developers to train generative AI models under the UK GDPR, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response.

Nicola Cain1 March 2024Data Protection, Personal Data, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, ARTICLE 6 UK GDPR, Article 6(1)(f) UK GDPR, Legitimate Interests, Legitimate Interests Assessment, Information Commissioner, Information Commissioner's Office, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Intellectual Property, Intellectual Property Rights, Copyright, Copyright Infringement, Web Scraping, AI Training, AI Training Data, Intellectual Property Office, IPO, A pro-innovation approach to AI regulation, Voluntary code of practice on copyright and AI, Sir Patrick Vallance, Pro-Innovation Regulation for Digital Technologies Review, House of Lords Communications & Digital Committee, Report on Large Language Models (LLMs) and Generative AI, Data Mining, Copyright Designs and Patents Act 1988, AI Regulation, Joint statement on data scraping and data protection, Data scrapingComment

Regulation regeneration?

Handley Gill’s consultants respond to the Department for Business and Trade’s consultation on ‘Smarter Regulation and the Regulatory Landscape’, drawing on their experience of advising and representing individuals and regulated entities on data protection, online safety, content regulation, AI, human rights and ESG issues before regulators including the Information Commissioner’s Office, Ofcom and the Competition and Markets Authority (CMA).

It’s a fine life

Handley Gill’s specialist data protection consultants respond to the Information Commissioner’s consultation on its draft Data Protection Fining Guidance, which will replace relevant parts of its Regulatory Action Policy (2018) relating to when the issue of a monetary penalty notice is appropriate and the approach to calculating any fine.

Barely recognisable?

Handley Gill Limited’s consultants respond to the Information Commissioner’s consultation on the draft Biometric Data Guidance Phase 1. We call for clarity on the circumstances in which the deployment of biometric recognition technologies will be considered to be lawful, particularly in the context of employment and the workplace, confirmation that a Data Protection Impact Assessment (DPIA) will always be required when deploying biometric recognition technologies and inclusion of the benefits and risks of biometric recognition. Finally, we argued for greater clarity about the requirements for further processing of special category biometric data.

Licence to hack?

Home Office Minister Lord Sharpe has confirmed that, following intensive lobbying by pockets of the cyber security industry, the government intends to pursue the introduction of a statutory public interest defence to the offences under the Computer Misuse Act 1990 (‘CMA’). Handley Gill Limited’s consultants consider the implications for cyber resilience, the protection of personal data and IP, and the ability of law enforcement to prosecute offences.

Nicola Cain4 July 2023Cyber Security, Cyber Resilience, Hack, Hacking, Computer Misuse Act 1990, CMA, CMA 1990, CMA offence, Home Office, Lord Sharpe, Lord Clement-Jones, Sir Patrick Vallance, Pro-Innovation Regulation for Digital Technologies Review, Data extraction, Public Interest, Public Interest Defence, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, CMA working group, Computer Fraud and Abuse Act, CFAA, Department of Justice, US DoJ, Good-faith security activity, Legitimate cyber security activity, Section 170 Data Protection Act 2018, s.170 Data Protection Act 2018, S.170(2)(c) Data Protection Act 2018, S.170 DPA 2018, Unlawful obtaining of personal data, Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, S.107 Copyright Designs & Patents Act 1988, S.107 CDPA 1988, Copyright, Consultation Response, Statutory defence, Hansard Volume 831 Column 993 03 July 2023, Computer Misuse Act 1990 defence, CMA defenceComment

What's missing from the Computer Misuse Act 1990?

Handley Gill Limited’s consultants respond to the Home Office consultation on proposals to revise the Computer Misuse Act 1990 to introduce additional powers for law enforcement bodies to takedown and seize domains and IP addresses and, require the preservation of data, as well as to introduce new offences and stronger sentencing for the copying of data. We also call for stronger cyber resilience legislation, through the introduction of minimum cyber security standards, while rejecting lobbying efforts for a blanket public interest defence to CMA offences. Finally, we advocate for stronger extra-territoriality of CMA offences and stronger sentencing powers and associated guidance.

Nicola Cain10 April 2023Cyber Security, Cyber Resilience, Computer Misuse Act 1990, CMA, CMA 1990, Law Enforcement, Domain name registrars, Domain name registries, Internet Service Providers, ISPs, Hosting providers, Web hosts, Consultation, Consultation Response, Public Interest, Public Interest Defence, CyberUp campaign, Sir Patrick Vallance, Chief Scientific Adviser, HM Treasury, Home Office, Pro-Innovation Regulation for Digital Technologies Review, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, Domain name takedown and seizure, IP address take down and seizure, Online intermediaries, Domain name and IP address takedown and seizure, Data preservation, Data copying, Crown Prosecution Service, CPS, Product Security and Telecommunications Infrastructure Act 2002, Hacking, Proposal for legislation to improve the UK's cyber resilience, DSIT, Department for Science Technology & Innovation, Copyright, Copyright Designs and Patents Act 1988, CDPA 1988, s107 Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, Section 170(1)(a) Data Protection Act 2018, Personal Data, Commercial Data, s170(1)(a) Data Protection Act 2018, Information Commissioner, Information Commissioner's Office, ICO, Data Breach, Data Protection, Data Protection Offences, Intellectual Property, Intellectual Property OffencesComment

You know how i feel

Handley Gill Limited, and its specialist data protection consultants, respond to the Information Commissioner’s (ICO’s) consultation on its draft ‘Employment practices and data protection: information about workers’ health guidance, which address the use of special category data concerning health in the context of maintaining sickness, injury and absence records, occupational health schemes, conducting medical examinations and testing (including drug testing) and other health monitoring.

Watch and learn

Handley Gill Limited, and its specialist data protection consultants, respond to the Information Commissioner’s (ICO’s) consultation on its draft ‘Employment practices: monitoring at work’ guidance, which addresses the lawfulness of the use of workplace monitoring and surveillance technologies in the workplace (whether office, home or remote working) and on workers’ devices.

Take Two

Handley Gill Limited’s response to the Information Commissioner’s second consultation on the draft statutory ‘Data protection and journalism code of practice’, on the processing of personal data for the purpose of journalism under the UK GDPR and Data Protection Act 2018. The ICO is obliged by s.124 Data Protection Act 2018 to prepare and submit the code to the Secretary of State at the Department for Digital, Culture, Media & Sport (DCMS) for it to be laid before Parliament.