Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Posts tagged ICO
Every little bit of data helps?
Every little bit of data helps?

While the sale of marketing lists is generally prohibited, as retail insolvencies increase Handley Gill’s specialist data protection consultants analyse the Information Commissioner’s laissez-faire approach to the purchase and use of the CRM databases of companies in administration and consider the opportunity this offers to administrators and potential purchasers of distressed businesses by reference to the recent case studies of Tesco’s purchase of Paperchase’s assets and the sale of The Body Shop’s assets.  

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, MARKETING, Direct Marketing, Email Marketing, Insolvency, Distress Business, Administration, Administrators, Mergers and Acquisitions, M&A, Corporate Law, Asset Sale, Asset Purchase, Share Purchase, Share Sale, Retail, IP, IPR, Intellectual Property, Intellectual Property Rights, CRM, CRM Database, ICO, Information Commissioner, Information Commissioner's Office, Data Protection Enforcement, Lawful Basis for Processing, ARTICLE 6 UK GDPR, Article 6(1)(f) UK GDPR, Legitimate Interests, Consent, Article 6(1)(a) UK GDPR, Distressed BusinessComment
[Regulators] hold back… galvanise
[Regulators] hold back… galvanise

Unlike the Chemical Brothers, Prime Minister Keir Starmer called on regulators to hold back in order to galvanise economic growth in his speech to the International Investment Summit on 14 October 2024. We consider the implications for UK regulation of artificial intelligence (AI), digital markets and data protection by the ICO, CMA and Regulatory Innovation Office, and forthcoming legislation.

Read More
Nicola CainRegulation, Artificial Intelligence, AI, AI Regulation, Digital Markets, Digital Markets Regulation, ICO, Information Commissioner, Information Commissioner's Office, CMA 1990, CMA, Competition & Markets Authority, Labour Party, Sir Keir Starmer, Prime Minister, Department for Science Innovation & Technology, DSIT, Peter Kyle, Secretary of State for Science Innovation & TechnologyComment
Not so instant compliance
Not so instant compliance

As Meta announces the introduction of Instagram Teen Accounts for users in the UK, USA, Canada and Australia, Handley Gill’s specialist data protection and online trust and safety consultants consider the global laws and regulations that have spurred this change, and the role of the Information Commissioner’s Children’s Code aka the Age Appropriate Design Code, the UK Online Safety Act 2023, the US’ Kids Online Safety Act (‘KOSA’) and the Children and Teen’s Online Privacy Protection Act (‘COPPA 2.0’).

Read More
Nicola CainOnline Safety, Online Harms, eSafety, Online Safety Act 2023, Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Children's Code, Age Appropriate Design Code, Social Media, Information Society Services, CHILDREN, Children's Data, Likely to be accessed by children, Trust and Safety, Privacy Settings, Meta, Instagram, Teen Accounts, KOSA, Kids Online Safety Act, Age Assurance, Age Verification, Enforcement, Data Protection Enforcement, Children and Teen’s Online Privacy Protection Act, COPPA, COPPA 2.0, Children's Code Strategy, ICO Children's Code Strategy, Protecting Children's Privacy Online, SMPs, Social Media Platforms, VSPs, Video Sharing Platforms, Platform Liability, Ofcom, Protecting Children from Harms Online, Children's Safety CodeComment
Another bauble for the tree?
Another bauble for the tree?

The UK government has today (05 September 2024) joined the US, EU and other countries in signing the Council of Europe’s Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. Handley Gill’s specialist artificial intelligence (AI) consultants consider the implications of this statement of intent for the UK’s current and proposed legislation as announced in the King’s Speech 2024, and what new laws and amendments will be necessary to enable the UK to meet the AI Treaty’s obligations.

Read More
Nicola CainArtificial Intelligence, AI, AI Regulation, AI Governance, Council of Europe Framework Convention on Artificial Intelligence and Human Rights Democracy and the Rule of Law, AI Treaty, Labour Party Manifesto 2024, King's Speech 2024, EU AI Act, Human Rights, Equality, Discrimination, Privacy, Data Protection, PERSONAL DATA, Human Rights Act 1998, Equality Act 2010, Data Protection & Digital Information Bill, Digital Information and Smart Data Bill, Democracy, Rule of Law, AI Systems, Online Safety Act 2023, Disinformatoin, Transparency, Liability, Redress, ICO, Information Commissioner, Equality and Human Rights Commission, Digital Regulation Co-operation Forum, DRCF, AI Regulation White Paper, Accuracy, Reliability, AI Safety, AI Security, Risk Management, AI Safety Institute, DisinformationComment
Security guaranteed?
Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Read More
Nicola CainData Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment
Right my wrongs
Right my wrongs

As the Information Commissioner’s Office conducts the fourth part of its consultation on generative AI and data protection focusing on data subject rights, ‘engineering individual rights into generative AI models’, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response, as well as highlighting areas not currently addressed in the draft guidance.

Read More
Nicola CainData Protection, PERSONAL DATA, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, Information Commissioner, Information Commissioner's Office, ICO, Data Subject Rights, SUBJECT ACCESS REQUEST, DATA SUBJECT ACCESS REQUEST, Data Subject Rights Request, Article 12 UK GDPR, ARTICLE 12(5) UK GDPR, Article 12 GDPR, Article 12(5) GDPR, Article 13 UK GDPR, Article 13 GDPR, Article 14 UK GDPR, Article 14 GDPR, Article 14(5)(b) UK GDPR, Article 14(5)(b) GDPR, Article 15 UK GDPR, Article 15 GDPR, Article 16 UK GDPR, Article 16 GDPR, Right to Rectification, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be Forgotten, RTBF, Article 18 UK GDPR, Article 18 GDPR, Right to restriction of processing, Article 19 UK GDPR, Article 19 GDPR, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Web Scraping, AI Training, AI Training Data, AI Transparency, AI Regulation, Generative AI & Data Protection, Engineering Individual Rights into Generative AI Models, Privacy Notice, Privacy PolicyComment
Time to regenerate
Time to regenerate

The Information Commissioner’s fourth call for evidence in its Generative AI consultation series on ‘engineering individual rights into generative AI models’ suggests that generative AI model developers should regenerate their privacy policies to ensure that they provide individuals with sufficient information to ascertain whether they have been affected by the web scraping of their personal data.

Read More
Nicola CainData Protection, Personal Data, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Article 14 UK GDPR, Article 14(5)(c) UK GDPR, Artificial Intelligence, AI, AI Regulation, Generative AI, Generative Artificial Intelligence, Large Language Models, Web Scraping, Intellectual Property, Intellectual Property Rights, Copyright, Privacy Policy, Privacy Notice, GDPR, Article 14 GDPR, Article 14(5)(c) GDPR, Consultation, Information Commissioner, Information Commissioner's Office, ICO, PSED, Generative AI & Data Protection, Engineering Individual Rights Into Generative AI Models, Article 14(5)(b) UK GDPR, Article 14(5)(b) GDPRComment
Labouring under an illusion?
Labouring under an illusion?

Handley Gill’s consultants reflect on the openDemocracy conference ‘Where are we now with the Freedom of Information Act?’, held on Friday 08 March 2024 at the Institute of Advanced Legal Studies, where Labour Shadow Attorney General Emily Thornberry MP gave the keynote speech outlining Labour’s position on FOIA, openness and transparency and the ICO warned of the potential for more stringent enforcement.

Read More
Nicola CainAccess to Information, Information Rights, Freedom of Information Act 2000, FOIA, FOI, Environmental Information Regulations 2004, EIRs, Information Commissioner, Information Commissioner's Office, ICO, Shadow Attorney General, Emily Thornberry MP, Labour Party, openDemocracy, Institute of Advanced Legal Studies, IALS, Freedom of Information Statistics: annual 2022 bulletin, Transparency, John Edwards, Freedom of Information Act 2000 Post-Legislative Scrutiny, Independent Commission on Freedom of Information, Freedom of Information statistics: July to September 2023 bulletin, Public authority, Regulatory Enforcement, Enforcement Notice, Practice Recommendation, Institute for Government, OECD, Organisation for Economic Co-operation and Development, OURdata Index, Open Useful and Re-Useable Data Index, Openness, The benefits of transparency: Why being more open is good for government, Publication Scheme, Section 19 Freedom of Information Act 2000, s.19 FOIA, Section 54 Freedom of Information Act 2000, S.54 FOIA, ContemptComment
AI regulation in the UK: in out in out shake it all about
AI regulation in the UK: in out in out shake it all about

Handley Gill’s consultants analyse the Government’s response to its consultation on the White Paper ‘A pro-innovation approach to AI regulation’, published on 06 February 2024, and its implications for AI developers and UK creators, business and the public, identifying the steps the Government has committed to take.

Read More
Nicola CainAI, Artificial Intelligence, Artificial Intelligence (Regulation) Bill, A pro-innovation approach to AI regulation, Department for Science Innovation & Technology, AI Governance, AI Regulation, AI Risk, AI Risk Assessment, AI Safety, EU AI Act, AI Act, AI Regulation White Paper, House of Lords Communications & Digital Committee, Large Language Models & Generative AI, Large Language Models, LLMs, Generative AI, Ofcom, Information Commissioner's Office, Information Commissioner, ICO, EHRC, Equality and Human Rights Commission, CMA, Competition & Markets Authority, Digital Markets Competition & Consumers Bill, Data Protection & Digital Information Bill, DPDI Bill, Data Protection, Discrimination, Bias, Cyber Security, Ofsted, Office for Product Safety & Standards, AI Regulatory Principles, 5 AI Regulatory Principles, Centre for Data Ethics and Innovation, CDEI, Responsible Technology Adoption Unit, Employment Law, HR, Human Resources, Recruitment, Automated Processing, Automated Decision Making, Safety Security & Robustness, Appropriate transparency and explainability, Fairness, Accountability & Governance, Contestability and redress, Copyright, Copyright Infringement, Intellectual Property, Intellectual Property Rights, IPR, Misinformation, Disinformation, Online Safety Act 2023, AI Management Essentials Scheme, AI Security, AI Safety Institute, Human Rights, Human Rights Act 1998Comment
It’s a fine life
It’s a fine life

Handley Gill’s specialist data protection consultants respond to the Information Commissioner’s consultation on its draft Data Protection Fining Guidance, which will replace relevant parts of its Regulatory Action Policy (2018) relating to when the issue of a monetary penalty notice is appropriate and the approach to calculating any fine.  

Read More
Nicola CainData Protection, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DPA 2018, DATA PROTECTION ACT 2018, Data enforcement, Penalty Notice, Monetary Penalty Notice, MPN, Administrative fine, Regulatory Action Policy, Regulatory Enforcement, Article 83 UK GDPR, Section 155 Data Protection Act 2018, S.155 DP 2018, Consultation Response, Data Protection Fining Guidance, Information Commissioner, Information Commissioner's Office, ICO, Undertaking, Data Protection Harms, ICO Taxonomy of Data Protection Harms, ConsultationComment
PSNI Blues
PSNI Blues

Reflecting on the reprimand issued by the Information Commissioner against the Police Service of Northern Ireland (PSNI) for unlawfully transferring personal data processed for the law enforcement purposes under Part 3 Data Protection Act 2018 to the USA, Handley Gill’s consultants identify the elements of a compliance programme that would mitigate against such incidents and have produced a downloadable pdf illustrating each lawful basis for transferring personal data processed under Part 3 DPA 2018 overseas.

Read More
Nicola CainData Protection, PERSONAL DATA, DATA PROTECTION ACT 2018, Part 3 Data Protection Act 2018, Law Enforcement, Law Enforcement Processing, Police, International Transfers, International data transfers, Section 34(3) Data Protection Act 2018, Section 31 Data Protection Act 2018, Section 35(1) Data Protection Act 2018, Section 40 Data Protection Act 2018, Section 42(1) Data Protection Act 2018, Section 73(1) Data Protection Act 2018, Section 73 Data Protection Act 2018, Data Protection Enforcement, Public Sector, Information Commissioner, Information Commissioner's Office, ICO, ICO25Comment
Barely recognisable?
Barely recognisable?

Handley Gill Limited’s consultants respond to the Information Commissioner’s consultation on the draft Biometric Data Guidance Phase 1. We call for clarity on the circumstances in which the deployment of biometric recognition technologies will be considered to be lawful, particularly in the context of employment and the workplace, confirmation that a Data Protection Impact Assessment (DPIA) will always be required when deploying biometric recognition technologies and inclusion of the benefits and risks of biometric recognition. Finally, we argued for greater clarity about the requirements for further processing of special category biometric data.

Read More
Nicola CainData Protection, Personal Data, SPECIAL CATEGORY PERSONAL DATA, Biometric data, Consultation, Consultation Response, GDPR, UK GDPR, Article 4(14) GDPR, Article 4(14) UK GDPR, Biometrics, Information Commissioner, ICO, Biometric Recognition, Facial Recognition, Information Commissioner's Office, Special Category Biometric Data, Article 9(1) GDPR, Article 9(1) UK GDPRComment
So you’ve been debanked…
So you’ve been debanked…

Handley Gill’s data protection consultants consider the implications of the data subject access request (DSAR) submitted by Nigel Farage in the context of his de-banking dispute with Coutts & Co and its parent company Natwest, and advise how individuals can make a data subject access request (DSAR).

Read More
Nicola CainData Protection, Personal Data, GDPR, UK GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Article 15 GDPR, Article 15 UK GDPR, DATA SUBJECT ACCESS REQUEST, DSAR, SAR, Subject Access Request, Retained EU Law, Data Protection & Digital Information (No.2) Bill, Data Protection & Digital Information Bill, Data Protection Reform, Nigel Farage, Coutts & Co, Natwest, Alison Rose, Information Commissioner, Information Commissioner's Office, Data Regulation, Data enforcement, Financial Conduct Authority, FCA, ICO, AML, Anti-Money Laundering, Know Your Customer, KYC, Banking, Financial Services, Data Processing, SPECIAL CATEGORY PERSONAL DATA, Political Opinions, Religious or Philosophical Beliefs, Article 9 UK GDPR, Article 9 GDPR, Peter Flavel, Politically Exposed Person, PEP, Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Money Laundering Regulations, (SI 2017/692), Freedom of Expression, Free Speech, Financial Services and Markets Act 2023, HM Treasury, Freedom of Speech, Discrimination, Protected Characteristics, Religion or Belief, Data Subject Rights, Data Subject Access Request, Retained EU Law (Revocation and Reform) BillComment
CrapITa
CrapITa

Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.

Read More
Nicola CainData Protection, Personal Data, Information Security, Cyber Security, Cyber Resilience, Cyber Attack, Data Breach, Supply Chain Risk, Supply Chain Security, Vendor Management, Capita, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Pensions Regulator, Financial Conduct Authority, FCA, Data subjects, Compensation, Data litigation, Ransom, Ransom Payment, Department for Science Innovation & Technology, DSIT, Cyber Security Breaches Survey 2023, Article 25(1) UK GDPR, Article 25(1) GDPR, Data Controller, Data Processor, Data Processing Agreement, DPA, Data Processing, Article 28 GDPR, Article 28 UK GDPR, Article 32 GDPR, Article 32 UK GDPR, Cyber Insurance, Cyber Insurance Cover, Liability, Data protection impact assessment, DPIA, Administrative fine, Monetary penalty, Article 82(3) UK GDPR, Article 82(3) GDPR, Regulatory Action Policy, Article 33 UK GDPR, Article 33 GDPR, Article 34 UK GDPR, Data Breach Notification, Breach Response Plan, Incident Response Plan, Injunction, Injunctive Relief, Article 82 GDPR, Article 82 UK GDPR, CVE-2023-34362Comment
On Hand March 2023
On Hand March 2023

March 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection, cyber security, AI and machine learning, content regulation, access to information and reputation management. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Read More
Nicola CainOn Hand, Data Protection, Personal Data, GDPR, UK GDPR, DPA 2018, Data Protection Act 2018, Data Protection Reform, Data Reform Bill, Data Protection & Digital Information Bill, Data Protection & Digital Information (No.2) Bill, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Age Appropriate Design Code, European Data Protection Board, EDPB, Department for Science Innovation & Technology, DSIT, Privacy, Misuse of Private Information, Information Commissioner, ICO, Data Protection Officer, DPO, Data protection Legislation, Information Rights, Access to Information, Freedom of Information Act 2000, FOIA, Human Rights, Content Regulation, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, First Tier Tribunal (Information Rights), European Court of Human Rights, Data Breach, Data Breach Reporting, AI Regulation, Reputation Management, Libel, Slander, Defamation, Breach of Confidence, Confidential Information, Open JusticeComment
What's missing from the Computer Misuse Act 1990?
What's missing from the Computer Misuse Act 1990?

Handley Gill Limited’s consultants respond to the Home Office consultation on proposals to revise the Computer Misuse Act 1990 to introduce additional powers for law enforcement bodies to takedown and seize domains and IP addresses and, require the preservation of data, as well as to introduce new offences and stronger sentencing for the copying of data. We also call for stronger cyber resilience legislation, through the introduction of minimum cyber security standards, while rejecting lobbying efforts for a blanket public interest defence to CMA offences. Finally, we advocate for stronger extra-territoriality of CMA offences and stronger sentencing powers and associated guidance.

Read More
Nicola CainCyber Security, Cyber Resilience, Computer Misuse Act 1990, CMA, CMA 1990, Law Enforcement, Domain name registrars, Domain name registries, Internet Service Providers, ISPs, Hosting providers, Web hosts, Consultation, Consultation Response, Public Interest, Public Interest Defence, CyberUp campaign, Sir Patrick Vallance, Chief Scientific Adviser, HM Treasury, Home Office, Pro-Innovation Regulation for Digital Technologies Review, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, Domain name takedown and seizure, IP address take down and seizure, Online intermediaries, Domain name and IP address takedown and seizure, Data preservation, Data copying, Crown Prosecution Service, CPS, Product Security and Telecommunications Infrastructure Act 2002, Hacking, Proposal for legislation to improve the UK's cyber resilience, DSIT, Department for Science Technology & Innovation, Copyright, Copyright Designs and Patents Act 1988, CDPA 1988, s107 Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, Section 170(1)(a) Data Protection Act 2018, Personal Data, Commercial Data, s170(1)(a) Data Protection Act 2018, Information Commissioner, Information Commissioner's Office, ICO, Data Breach, Data Protection, Data Protection Offences, Intellectual Property, Intellectual Property OffencesComment
Your money... and your life?
Your money... and your life?

New cyber sanctions imposed by the UK and US governments against Russian nationals expose victims of ransomware, and their individual directors and officers, to criminal liability in the event that ransom payments are made.

Read More
Nicola CainRansom, Ransomware, Sanctions, Cyber Sanctions, Ransom Payment, Russia, Ukraine, Sophos State of Ransomware 2022 white paper, Information Commissioner, ICO, Home Secretary, Priti Patel, CyberUK Conference 2021, NCSC, National Cyber Security Centre, NCA, National Crime Agency, OFSI, Office of Financial Sanctions Implementation, Cyber Attack, Cyber Crime, Data Breach, Data Loss, Conti, Conti ransomware, Personal Data, Data Protection, UK Sanctions List, Guidance on Ransomware & Financial Sanctions, HM Treasury, Directors Duties, Directors' Duties, Criminal Offence, Criminal Liability, Cyber (Sanctions) (EU Exit) Regulations 2020, SI 2020/597, Sanctions & Anti-Money Laundering Act 2018, Designated Person, Cryptocurrency, Virtual assets, Due Diligence, Trickbot, Ransomware Victim, CPS, Crown Prosecution Service, Malware, Data Controller, Data ProcessorComment