Information Commissioner's Office — Handley Gill's blog — Handley Gill

LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Posts tagged Information Commissioner's Office

Every little bit of data helps?

Every little bit of data helps?

While the sale of marketing lists is generally prohibited, as retail insolvencies increase Handley Gill’s specialist data protection consultants analyse the Information Commissioner’s laissez-faire approach to the purchase and use of the CRM databases of companies in administration and consider the opportunity this offers to administrators and potential purchasers of distressed businesses by reference to the recent case studies of Tesco’s purchase of Paperchase’s assets and the sale of The Body Shop’s assets.

[Regulators] hold back… galvanise

[Regulators] hold back… galvanise

Unlike the Chemical Brothers, Prime Minister Keir Starmer called on regulators to hold back in order to galvanise economic growth in his speech to the International Investment Summit on 14 October 2024. We consider the implications for UK regulation of artificial intelligence (AI), digital markets and data protection by the ICO, CMA and Regulatory Innovation Office, and forthcoming legislation.

#DPPC24

#DPPC24

If you couldn’t make it to the Information Commissioner's Office's (ICO's) Data Protection Practitioners' Conference 2024 (DPPC24), missed a session, were double-booked, couldn’t choose or want to delve deeper into the issues raised by any of the following sessions, Handley Gill's specialist data protection consultants highlight our related content.

Not so instant compliance

Not so instant compliance

As Meta announces the introduction of Instagram Teen Accounts for users in the UK, USA, Canada and Australia, Handley Gill’s specialist data protection and online trust and safety consultants consider the global laws and regulations that have spurred this change, and the role of the Information Commissioner’s Children’s Code aka the Age Appropriate Design Code, the UK Online Safety Act 2023, the US’ Kids Online Safety Act (‘KOSA’) and the Children and Teen’s Online Privacy Protection Act (‘COPPA 2.0’).

Nicola Cain19 September 2024Online Safety, Online Harms, eSafety, Online Safety Act 2023, Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Children's Code, Age Appropriate Design Code, Social Media, Information Society Services, CHILDREN, Children's Data, Likely to be accessed by children, Trust and Safety, Privacy Settings, Meta, Instagram, Teen Accounts, KOSA, Kids Online Safety Act, Age Assurance, Age Verification, Enforcement, Data Protection Enforcement, Children and Teen’s Online Privacy Protection Act, COPPA, COPPA 2.0, Children's Code Strategy, ICO Children's Code Strategy, Protecting Children's Privacy Online, SMPs, Social Media Platforms, VSPs, Video Sharing Platforms, Platform Liability, Ofcom, Protecting Children from Harms Online, Children's Safety CodeComment

On Hand July 2024

July 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management and free speech, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 July 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Defamation, Malicious Falsehood, Misuse of Private Information, Privacy, Confidential Information, Breach of Confidence, Article 8 European Convention on Human Rights, Free speech, Freedom of Speech, Freedom of Expression, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, AI, Artificial Intelligence, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Online Safety, Online Harms, eSafety, EU AI Act, Online Safety Act 2023, Digital Markets Act, Cookies, Contempt, EU Corporate Sustainability Due Diligence Directive, Information Commissioner, ICO, Information Commissioner's Office, Data Subject Rights, Data protection impact assessment, DPIAComment

Off the rails?

Off the rails?

Handley Gill Limited’s specialist data protection and ESG consultants consider the results of the Information Commissioner’s Office’s Cyber Security Incident Trends Report for Q1 2024 and the implications for Sir Keir Starmer’s new Labour government, calling for a greater understanding of and focus on cyber and information risk management by directors and trustees.

Nicola Cain11 July 2024Cyber Security, Data Protection, Cyber Security Breaches Survey 2024, Department for Science Innovation and Technology, Information Commissioner, Information Commissioner's Office, Cyber Attack, Data Breach, Data Breaches, Data Breach Statistics, Data Security Incident Trends Report, National Cyber Security Strategy 2022, Directors' Duties, ESGComment

Security guaranteed?

Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Nicola Cain12 June 2024Data Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment

Right my wrongs

Right my wrongs

As the Information Commissioner’s Office conducts the fourth part of its consultation on generative AI and data protection focusing on data subject rights, ‘engineering individual rights into generative AI models’, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response, as well as highlighting areas not currently addressed in the draft guidance.

Nicola Cain9 June 2024Data Protection, PERSONAL DATA, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, Information Commissioner, Information Commissioner's Office, ICO, Data Subject Rights, SUBJECT ACCESS REQUEST, DATA SUBJECT ACCESS REQUEST, Data Subject Rights Request, Article 12 UK GDPR, ARTICLE 12(5) UK GDPR, Article 12 GDPR, Article 12(5) GDPR, Article 13 UK GDPR, Article 13 GDPR, Article 14 UK GDPR, Article 14 GDPR, Article 14(5)(b) UK GDPR, Article 14(5)(b) GDPR, Article 15 UK GDPR, Article 15 GDPR, Article 16 UK GDPR, Article 16 GDPR, Right to Rectification, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be Forgotten, RTBF, Article 18 UK GDPR, Article 18 GDPR, Right to restriction of processing, Article 19 UK GDPR, Article 19 GDPR, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Web Scraping, AI Training, AI Training Data, AI Transparency, AI Regulation, Generative AI & Data Protection, Engineering Individual Rights into Generative AI Models, Privacy Notice, Privacy PolicyComment

On Hand May 2024

The May 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 May 2024On Hand, Cyber Security, Information Security, Cyber Attack, Data Breach, Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, Data Protection and Digital Information Bill, DPDI Bill, Information Commissioner, Information Commissioner's Office, EDPB, European Data Protection Board, Artificial Intelligence, AI, AI Regulation, Machine Learning, Algorithmic Accountability, Algorithm Transparency, Open Justice, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Information, CONTENT REGULATION, Broadcasting Code, Broadcasting Regulation, VSPs, Video Sharing Platforms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, Privacy, Data Privacy, Digital Markets, Human Rights, Human Rights Act 1998, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, OFCOMComment

Time to regenerate

Time to regenerate

The Information Commissioner’s fourth call for evidence in its Generative AI consultation series on ‘engineering individual rights into generative AI models’ suggests that generative AI model developers should regenerate their privacy policies to ensure that they provide individuals with sufficient information to ascertain whether they have been affected by the web scraping of their personal data.

Breach? Don’t preach! Take some good advice!

Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!

Best Before: 21 March 2024

Best Before: 21 March 2024

Handley Gill’s specialist data protection consultants highlight the forthcoming deadline for data controllers to review and, if necessary, update the safeguards relied upon as the lawful basis for conducting transfers of personal data from the UK to overseas where these currently rely upon the old European Commission standard contractual clauses / model clauses, including guidance on the actions that need to be taken.

Nicola Cain13 March 2024Data Protection, Personal Data, UK GDPR, Data Transfer, International data transfers, Restricted International Data Transfers, Article 46(2)(d) UK GDPR, BREXIT, Standard contractual clauses, SCCs, Modernised SCCs, Modernised Standard Contractual Clauses, Standard data protection clauses, Information Commissioner, Information Commissioner's Office, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, EUROPEAN COMMISSION, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, DATA PROTECTION ACT 2018, Schedule 21 Part 3 para.7 Data Protection Act 2018, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), International Data Transfer Risk Assessment, International Data Transfer Impact Assessment, Transfer Risk Assessment, Transfer Impact Assessment, Transfer Risk Assessment Tool, Appropriate Safeguards, Commission Implementing Decision (EU) 2021/914 of 4 June 2021Comment

Labouring under an illusion?

Labouring under an illusion?

Handley Gill’s consultants reflect on the openDemocracy conference ‘Where are we now with the Freedom of Information Act?’, held on Friday 08 March 2024 at the Institute of Advanced Legal Studies, where Labour Shadow Attorney General Emily Thornberry MP gave the keynote speech outlining Labour’s position on FOIA, openness and transparency and the ICO warned of the potential for more stringent enforcement.

Nicola Cain8 March 2024Access to Information, Information Rights, Freedom of Information Act 2000, FOIA, FOI, Environmental Information Regulations 2004, EIRs, Information Commissioner, Information Commissioner's Office, ICO, Shadow Attorney General, Emily Thornberry MP, Labour Party, openDemocracy, Institute of Advanced Legal Studies, IALS, Freedom of Information Statistics: annual 2022 bulletin, Transparency, John Edwards, Freedom of Information Act 2000 Post-Legislative Scrutiny, Independent Commission on Freedom of Information, Freedom of Information statistics: July to September 2023 bulletin, Public authority, Regulatory Enforcement, Enforcement Notice, Practice Recommendation, Institute for Government, OECD, Organisation for Economic Co-operation and Development, OURdata Index, Open Useful and Re-Useable Data Index, Openness, The benefits of transparency: Why being more open is good for government, Publication Scheme, Section 19 Freedom of Information Act 2000, s.19 FOIA, Section 54 Freedom of Information Act 2000, S.54 FOIA, ContemptComment

Scraping together a lawful basis

Scraping together a lawful basis

As the Information Commissioner’s Office consults on the lawful basis for web scraping by AI developers to train generative AI models under the UK GDPR, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response.

Nicola Cain1 March 2024Data Protection, Personal Data, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, ARTICLE 6 UK GDPR, Article 6(1)(f) UK GDPR, Legitimate Interests, Legitimate Interests Assessment, Information Commissioner, Information Commissioner's Office, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Intellectual Property, Intellectual Property Rights, Copyright, Copyright Infringement, Web Scraping, AI Training, AI Training Data, Intellectual Property Office, IPO, A pro-innovation approach to AI regulation, Voluntary code of practice on copyright and AI, Sir Patrick Vallance, Pro-Innovation Regulation for Digital Technologies Review, House of Lords Communications & Digital Committee, Report on Large Language Models (LLMs) and Generative AI, Data Mining, Copyright Designs and Patents Act 1988, AI Regulation, Joint statement on data scraping and data protection, Data scrapingComment

AI regulation in the UK: in out in out shake it all about

AI regulation in the UK: in out in out shake it all about

Handley Gill’s consultants analyse the Government’s response to its consultation on the White Paper ‘A pro-innovation approach to AI regulation’, published on 06 February 2024, and its implications for AI developers and UK creators, business and the public, identifying the steps the Government has committed to take.

Nicola Cain6 February 2024AI, Artificial Intelligence, Artificial Intelligence (Regulation) Bill, A pro-innovation approach to AI regulation, Department for Science Innovation & Technology, AI Governance, AI Regulation, AI Risk, AI Risk Assessment, AI Safety, EU AI Act, AI Act, AI Regulation White Paper, House of Lords Communications & Digital Committee, Large Language Models & Generative AI, Large Language Models, LLMs, Generative AI, Ofcom, Information Commissioner's Office, Information Commissioner, ICO, EHRC, Equality and Human Rights Commission, CMA, Competition & Markets Authority, Digital Markets Competition & Consumers Bill, Data Protection & Digital Information Bill, DPDI Bill, Data Protection, Discrimination, Bias, Cyber Security, Ofsted, Office for Product Safety & Standards, AI Regulatory Principles, 5 AI Regulatory Principles, Centre for Data Ethics and Innovation, CDEI, Responsible Technology Adoption Unit, Employment Law, HR, Human Resources, Recruitment, Automated Processing, Automated Decision Making, Safety Security & Robustness, Appropriate transparency and explainability, Fairness, Accountability & Governance, Contestability and redress, Copyright, Copyright Infringement, Intellectual Property, Intellectual Property Rights, IPR, Misinformation, Disinformation, Online Safety Act 2023, AI Management Essentials Scheme, AI Security, AI Safety Institute, Human Rights, Human Rights Act 1998Comment

Regulation regeneration?

Regulation regeneration?

Handley Gill’s consultants respond to the Department for Business and Trade’s consultation on ‘Smarter Regulation and the Regulatory Landscape’, drawing on their experience of advising and representing individuals and regulated entities on data protection, online safety, content regulation, AI, human rights and ESG issues before regulators including the Information Commissioner’s Office, Ofcom and the Competition and Markets Authority (CMA).

It’s a fine life

It’s a fine life

Handley Gill’s specialist data protection consultants respond to the Information Commissioner’s consultation on its draft Data Protection Fining Guidance, which will replace relevant parts of its Regulatory Action Policy (2018) relating to when the issue of a monetary penalty notice is appropriate and the approach to calculating any fine.

PSNI Blues

PSNI Blues

Reflecting on the reprimand issued by the Information Commissioner against the Police Service of Northern Ireland (PSNI) for unlawfully transferring personal data processed for the law enforcement purposes under Part 3 Data Protection Act 2018 to the USA, Handley Gill’s consultants identify the elements of a compliance programme that would mitigate against such incidents and have produced a downloadable pdf illustrating each lawful basis for transferring personal data processed under Part 3 DPA 2018 overseas.

Barely recognisable?

Barely recognisable?

Handley Gill Limited’s consultants respond to the Information Commissioner’s consultation on the draft Biometric Data Guidance Phase 1. We call for clarity on the circumstances in which the deployment of biometric recognition technologies will be considered to be lawful, particularly in the context of employment and the workplace, confirmation that a Data Protection Impact Assessment (DPIA) will always be required when deploying biometric recognition technologies and inclusion of the benefits and risks of biometric recognition. Finally, we argued for greater clarity about the requirements for further processing of special category biometric data.

So you’ve been debanked…

So you’ve been debanked…

Handley Gill’s data protection consultants consider the implications of the data subject access request (DSAR) submitted by Nigel Farage in the context of his de-banking dispute with Coutts & Co and its parent company Natwest, and advise how individuals can make a data subject access request (DSAR).

Nicola Cain30 July 2023Data Protection, Personal Data, GDPR, UK GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Article 15 GDPR, Article 15 UK GDPR, DATA SUBJECT ACCESS REQUEST, DSAR, SAR, Subject Access Request, Retained EU Law, Data Protection & Digital Information (No.2) Bill, Data Protection & Digital Information Bill, Data Protection Reform, Nigel Farage, Coutts & Co, Natwest, Alison Rose, Information Commissioner, Information Commissioner's Office, Data Regulation, Data enforcement, Financial Conduct Authority, FCA, ICO, AML, Anti-Money Laundering, Know Your Customer, KYC, Banking, Financial Services, Data Processing, SPECIAL CATEGORY PERSONAL DATA, Political Opinions, Religious or Philosophical Beliefs, Article 9 UK GDPR, Article 9 GDPR, Peter Flavel, Politically Exposed Person, PEP, Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Money Laundering Regulations, (SI 2017/692), Freedom of Expression, Free Speech, Financial Services and Markets Act 2023, HM Treasury, Freedom of Speech, Discrimination, Protected Characteristics, Religion or Belief, Data Subject Rights, Data Subject Access Request, Retained EU Law (Revocation and Reform) BillComment