Not so instant compliance

As Meta announces the introduction of Instagram Teen Accounts for users in the UK, USA, Canada and Australia, Handley Gill’s specialist data protection and online trust and safety consultants consider the global laws and regulations that have spurred this change, and the role of the Information Commissioner’s Children’s Code aka the Age Appropriate Design Code, the UK Online Safety Act 2023, the US’ Kids Online Safety Act (‘KOSA’) and the Children and Teen’s Online Privacy Protection Act (‘COPPA 2.0’).

Nicola Cain19 September 2024Online Safety, Online Harms, eSafety, Online Safety Act 2023, Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Children's Code, Age Appropriate Design Code, Social Media, Information Society Services, CHILDREN, Children's Data, Likely to be accessed by children, Trust and Safety, Privacy Settings, Meta, Instagram, Teen Accounts, KOSA, Kids Online Safety Act, Age Assurance, Age Verification, Enforcement, Data Protection Enforcement, Children and Teen’s Online Privacy Protection Act, COPPA, COPPA 2.0, Children's Code Strategy, ICO Children's Code Strategy, Protecting Children's Privacy Online, SMPs, Social Media Platforms, VSPs, Video Sharing Platforms, Platform Liability, Ofcom, Protecting Children from Harms Online, Children's Safety CodeComment

Another bauble for the tree?

The UK government has today (05 September 2024) joined the US, EU and other countries in signing the Council of Europe’s Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. Handley Gill’s specialist artificial intelligence (AI) consultants consider the implications of this statement of intent for the UK’s current and proposed legislation as announced in the King’s Speech 2024, and what new laws and amendments will be necessary to enable the UK to meet the AI Treaty’s obligations.

Nicola Cain5 September 2024Artificial Intelligence, AI, AI Regulation, AI Governance, Council of Europe Framework Convention on Artificial Intelligence and Human Rights Democracy and the Rule of Law, AI Treaty, Labour Party Manifesto 2024, King's Speech 2024, EU AI Act, Human Rights, Equality, Discrimination, Privacy, Data Protection, PERSONAL DATA, Human Rights Act 1998, Equality Act 2010, Data Protection & Digital Information Bill, Digital Information and Smart Data Bill, Democracy, Rule of Law, AI Systems, Online Safety Act 2023, Disinformatoin, Transparency, Liability, Redress, ICO, Information Commissioner, Equality and Human Rights Commission, Digital Regulation Co-operation Forum, DRCF, AI Regulation White Paper, Accuracy, Reliability, AI Safety, AI Security, Risk Management, AI Safety Institute, DisinformationComment

On Hand August 2024

August 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 August 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, Cyber Resilience, CONTENT REGULATION, Content Moderation, Online Safety, Online Harms, eSafety, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Confidential Information, Breach of Confidence, Freedom of Expression, Freedom of Speech, Free speech, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, AI, Artificial Intelligence, Digital Markets, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Information Commissioner, ICO, Monetary Penalty Notice, International data transfers, Restricted International Data Transfers, Media Act 2024, Generative AI & Data Protection, Generative AI, Generative Artificial Intelligence, CMA, Competition & Markets Authority, Children's Code, Institute of Directors, IoD, Responsible Business, FCA, Financial Conduct Authority, Data Protection Commission, Leveson, Press Recognition Panel, Press Regulation, Media Regulation, Data Controller, Data Protection Fee, Online Safety Act 2023, Illegal Harms, Digital Markets Competition & Consumers Act, DMCCAComment

Holiday packing list

With the summer holiday season in full swing, Handley Gill Limited’s specialist data protection and cyber resilience consultants consider the data protection and information security risks of staff taking data and devices used for business purposes overseas and the practical measures that organisations can take to safeguard data subject to border control powers.

On Hand July 2024

July 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management and free speech, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 July 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Defamation, Malicious Falsehood, Misuse of Private Information, Privacy, Confidential Information, Breach of Confidence, Article 8 European Convention on Human Rights, Free speech, Freedom of Speech, Freedom of Expression, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, AI, Artificial Intelligence, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Online Safety, Online Harms, eSafety, EU AI Act, Online Safety Act 2023, Digital Markets Act, Cookies, Contempt, EU Corporate Sustainability Due Diligence Directive, Information Commissioner, ICO, Information Commissioner's Office, Data Subject Rights, Data protection impact assessment, DPIAComment

A paradox of choice

Handley Gill Limited’s specialist consultants unpack the recent High Court decision in Harrison v (1) Cameron & (2) Alasdair Cameron Limited [2024] EWHC 1377 (KB), in which the High Court determined that data controllers responding to data subject access requests (DSARs) are obliged to disclose the specific identities of recipients of personal data, and are not permitted to merely disclose categories of recipient unless exceptions or exemptions apply.

Right my wrongs

As the Information Commissioner’s Office conducts the fourth part of its consultation on generative AI and data protection focusing on data subject rights, ‘engineering individual rights into generative AI models’, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response, as well as highlighting areas not currently addressed in the draft guidance.

Nicola Cain9 June 2024Data Protection, PERSONAL DATA, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, Information Commissioner, Information Commissioner's Office, ICO, Data Subject Rights, SUBJECT ACCESS REQUEST, DATA SUBJECT ACCESS REQUEST, Data Subject Rights Request, Article 12 UK GDPR, ARTICLE 12(5) UK GDPR, Article 12 GDPR, Article 12(5) GDPR, Article 13 UK GDPR, Article 13 GDPR, Article 14 UK GDPR, Article 14 GDPR, Article 14(5)(b) UK GDPR, Article 14(5)(b) GDPR, Article 15 UK GDPR, Article 15 GDPR, Article 16 UK GDPR, Article 16 GDPR, Right to Rectification, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be Forgotten, RTBF, Article 18 UK GDPR, Article 18 GDPR, Right to restriction of processing, Article 19 UK GDPR, Article 19 GDPR, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Web Scraping, AI Training, AI Training Data, AI Transparency, AI Regulation, Generative AI & Data Protection, Engineering Individual Rights into Generative AI Models, Privacy Notice, Privacy PolicyComment

On Hand March 2024

The March 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 March 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, Regulation, Regulation (EU) 2016/679, UK GENERAL DATA PROTECTION REGULATION, UK GDPR, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Malicious Falsehood, Defamation, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Article 8 ECHR, Article 7 European Charter of Fundamental Freedoms, Article 8 European Charter of Fundamental Freedoms, Charter of Fundamental Rights of the European Union, Freedom of Speech, Free speech, Freedom of Expression, Article 10 European Convention on Human Rights, Article 10 ECHR, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, Artificial Intelligence, AI, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate GovernanceComment

PSNI Blues

Reflecting on the reprimand issued by the Information Commissioner against the Police Service of Northern Ireland (PSNI) for unlawfully transferring personal data processed for the law enforcement purposes under Part 3 Data Protection Act 2018 to the USA, Handley Gill’s consultants identify the elements of a compliance programme that would mitigate against such incidents and have produced a downloadable pdf illustrating each lawful basis for transferring personal data processed under Part 3 DPA 2018 overseas.

On Hand July 2023

July 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management and digital markets regulation. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain1 August 2023Data Protection, PERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, Cyber Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Open Justice, Malicious Falsehood, Misuse of Private Information, Privacy, Data Privacy, AI, Artificial Intelligence, Digital Markets Regulation, Access to Information, Freedom of Information Act 2000, Adequacy Decision, US Adequacy Decision, EU-US Data Privacy Framework, Trans-Atlantic EU-US Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Freedom of Expression, Free Speech, Freedom of Speech, Information Commissioner, Special Purposes, Special Purposes Processing, Journalism, Journalism Code, Journalism Exemption, Data protection and journalism code, Facial Recognition, Right to be Forgotten, CBPR Form, Global Cross Border Privacy Rules Forum, Pornography, Surveillance, Biometrics Commissioner, Surveillance Camera Commissioner, Digital Markets Act, Data Subject Rights, DATA SUBJECT ACCESS REQUEST, DSAR, SAR, Retained EU Law, Human Rights, European Convention on Human Rights, Article 8 European Convention on Human Rights, Article 10 European Convention on Human RightsComment

Certify...certify me!

Handley Gill’s specialist data protection consultants consider the options and certification requirements for US entities importing personal data from the EEA following the adoption of the European Commission’s adequacy decision in respect of the Trans-Atlantic EU-US Data Privacy Framework, providing a lawful basis for transferring personal data to the US under the GDPR.

Nicola Cain16 July 2023Data Protection, Data Privacy, PERSONAL DATA, GDPR, General Data Protection Regulation, GENERAL DATA PROTECTION REGULATION, Regulation (EU) 2016/679, Data Transfer, Restricted International Data Transfers, Restricted Data Transfer, International Transfers, International data transfers, US Data Transfers, EU-US DPF, EU-US Data Privacy Framework, SCCs, Modernised SCCs, Supplementary Measures, Transatlantic Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Transfer Risk Assessment, Transfer Impact Assessment, Transfer Risk Assessment Tool, Data transfer agreement, TADPF, Trans-Atlantic EU-US Data Privacy Framework, Trans-Atlantic EU-US Data Privacy Framework Principles, DPF Principles, Privacy Shield, Privacy Shield Principles, EU-US DPF Certification, Privacy Shield Certification, Privacy Shield Self-Certification, Schrems II, Personal Data Transfer, Personal Data Export, Data exporter, Data Importer, Safe Harbor, Chapter 5 GDPR, Article 44 GDPR, Article 45 GDPR, Adequacy Decision, US Adequacy Decision, EUROPEAN COMMISSION, C(2023) 4745, TADPF Certification, Data Controller, Data Processor, Data ExporterComment

Pride 2023: Take pride in your processing

Effective data protection compliance measures can promote, empower and protect the LGBTQIA+ community and can not only assist organisations in identifying and eliminating discrimination, but also in supporting LGBTQIA+ individuals and enabling them to have their gender identity and sexual orientation recognised.

Nicola Cain26 June 2023DATA PROTECTION, PERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, GDPR, GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, SPECIAL CATEGORY PERSONAL DATA, SENSITIVE PERSONAL DATA, SEX LIFE, SEXUAL ORIENTATION, GENDER, PRIDE, LGBTQIA+, Inferred personal data, Data protection impact assessment, DPIA, Article 4(1) UK GDPR, Article 4(1) GDPR, Article 9(1) UK GDPR, Article 9(1) GDPR, Section 10 Data Protection Act 2018, S.10 Data Protection Act 2018, S.10 DPA 2018, Schedule 1 Data Protection Act 2018, Schedule 1 Part 2 paragraph 8 Data Protection Act 2018, Schedule 1 Part 2 paragraph 16 Data Protection Act 2018, Schedule 1 Part 2 paragraph 17 Data Protection Act 2018, Article 5(1)(d) UK GDPR, Article 5(1)(d) GDPR, Article 17 UK GDPR, Article 17 GDPR, Right to be Forgotten, Article 21 UK GDPR, Article 21 GDPR, Article 25 UK GDPR, Article 25 GDPR, Article 5(1)(c) UK GDPR, Article 5(1)(c) GDPR, Appropriate Policy Document, Data ControllerComment

Pile Up Ahead?

Handley Gill comments on the Government’s response to the ‘Data: A New Direction’ consultation, which previews the content of the forthcoming Data Reform Bill, and identifies other issues which would merit being addressed in the proposed legislation.

Nicola Cain7 July 2022Handley Gill LimitedPERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, PECR, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, DATA: A NEW DIRECTION, DATA PROTECTION REFORM, BREXIT, NATIONAL DATA STRATEGY, CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA, POLITICAL PROCESSING, ARTICLE 6 UK GDPR, SPECIAL CATEGORY PERSONAL DATA, SCHEDULE 1 DATA PROTECTION ACT 2018, ANONYMITY, ANONYMOUS DATA, ARTICLE 4(1) UK GDPR, THE COUNCIL OF EUROPE’S CONVENTION 108, THE COUNCIL OF EUROPE CONVENTION 108, PRIVACY MANAGEMENT PROGRAMME, DATA PROTECTION OFFICER, ARTICLE 37 UK GDPR, DATA PROTECTION IMPACT ASSESSMENT, DPIA, ARTICLE 35 UK GDPR, ARTICLE 30 UK GDPR, RECORDS OF PROCESSING ACTIVITIES, ARTICLE 36 UK GDPR, PRIOR CONSULTATION, ARTICLE 12(5) UK GDPR, MANIFESTLY UNFOUNDED OR EXCESSIVE, VEXATIOUS OR EXCESSIVE, ARTICLE 45(2) UK GDPR, INTERNATIONAL DATA TRANSFERS, ADEQUACY DECISION, S.17B(1) DATA PROTECTION ACT 2018, COOKIES, COOKIE CONSENT, REGULATION 6 PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, REGULATION 22(2) PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, SOFT OPT-IN, MARKETING, INFORMATION COMMISSIONER, EXPERT PANEL, ENFORCEMENT, MONETARY PENALTY NOTICE, ARTICLE 15 UK GDPR, DATA SUBJECT ACCESS REQUEST, SUBJECT ACCESS REQUEST, BILL OF RIGHTS, EUROPEAN COURT OF HUMAN RIGHTS, UK SUPREME COURT, SUPREME COURT, EUROPEAN COMMISSION, COMMISSION IMPLEMENTING DECISION C(2021) 4800, Data Protection & Digital Information BillComment