Personal Data — Handley Gill's blog — Handley Gill

AWARD-WINNING LEGAL & REGULATORY COMPLIANCE CONSULTANTS

Posts tagged Personal Data

Common Cause III

Common Cause III

Handley Gill’s specialist data protection consultants report on the final sessions of the House of Commons Public Bill Committee on the Data (Use and Access) Bill on 11 March 2025, when the government reversed several amendments made in the House of Lords.

Won’t you forget about me?

Won’t you forget about me?

Handley Gill’s specialist data protection consultants highlight the European Data Protection Board’s (EDPB’s) announcement of action throughout 2025 under its Co-ordinated Enforcement Framework on the right to erasure, or right to be forgotten, under Article 17 GDPR, identifying likely recipients, how controllers can prepare and how they might respond.

Common Cause II

Common Cause II

Handley Gill’s specialist data protection consultants report on the first sittings of the House of Commons Public Bill Committee on the Data (Use and Access) Bill on 04 March 2025, when the government reversed several amendments made in the House of Lords.

Keeling Over

Keeling Over

Unofficial Keeling schedules demonstrating the effect that the Data (Use & Access) Bill (Bill 179 20224-25) (as brought from the Lords) will have on the Data Protection Act 2018, UK GDPR and Privacy and Electronic Communications (EC Directive) Regulations (PECR).

The Data (Uncertainty and Algorithmic-deregulation) Bill?

The Data (Uncertainty and Algorithmic-deregulation) Bill?

Handley Gill highlights the written evidence submitted by its expert data protection consultants to the House of Commons Public Bill Committee on the the Data (Use & Access) Bill, detailing the implications of the Bill and opportunities to improve it through amendments, which has been accepted and published by the Committee as DUAB20.

Tell me why!

Tell me why!

When, to coin the Little Britain phrase, the “computer says no”, what information are individuals entitled to know? Handley Gill’s specialist data protection and responsible AI consultants summarise the ruling in C‑203/22 CK v Magistrat der Stadt Wien (commonly referred to as the Dun & Bradstreet case) determining how to comply with the obligation to provide meaningful information on automated decision-making.

Nicola Cain27 February 2025Data Protection, Personal Data, GDPR, General Data Protection Regulation, EU GDPR, Regulation (EU) 2016/679, UK GENERAL DATA PROTECTION REGULATION, UK GDPR, Algorithmic Decision Making, Automated Decision Making, Article 22 GDPR, Article 22 UK GDPR, Artificial Intelligence, AI, AI Regulation, Article 13(2)(f) GDPR, Article 13(2)(f) UK GDPR, Article 14(2)(g) GDPR, Article 14(2)(g) UK GDPR, Article 15(1)(h) GDPR, Article 15(1)(h) UK GDPR, Article 13 GDPR, Article 13 UK GDPR, Article 14 GDPR, Article 14 UK GDPR, Article 15 GDPR, Article 15 UK GDPR, Article 13(2) GDPR, Article 13(2) UK GDPR, Article 14(2) GDPR, Article 14(2) UK GDPR, Article 15(1) GDPR, Article 15(1) UK GDPR, Confidential Information, Trade Secrets, Artificial Intelligence Regulation, AI Governance, Artificial Intelligence Governance, AI Transparency, Artificial Intelligence Transparency, Algorithmic Transparency, Ethical AI, AI Safeguards, AI Guardrails, Machine Learning, Article 29 Working Party, European Data Protection Board, EDPB, Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, C-203/22, Privacy Notice, Data Subject Rights, DATA SUBJECT ACCESS REQUEST, DSAR, SAR, SUBJECT ACCESS REQUEST, ICO guidance on automated decision-making and profiling, Information Commissioner's guidance on automated decision-making and profilingComment

Common Cause Part I

Common Cause Part I

Handley Gill’s specialist data protection consultants report on the Data (Use and Access) Bill’s Second Reading in the House of Commons on 12 February 2025, which provided MPs with the first opportunity to debate proposals to reform the UK’s data protection legislation.

Peer Review VI

Peer Review VI

Handley Gill’s specialist data protection consultants report on peers’ final consideration of the Data (Use and Access) Bill at Third Reading on 05 February 2025, when the Government was defeated by Baroness Owen’s amendments in relation to non-consensual deepfake intimate image offences, before the Bill was sent to the House of Commons.

Peer Review V

Peer Review V

Following the conclusion of the House of Lords’ Grand Committee’s scrutiny of the Data (Use and Access) Bill, Handley Gill’s specialist data protection consultants report on peers’ consideration of the Bill at Report stage on 21 and 28 January 2025.

Opportunity Knocks

Opportunity Knocks

Handley Gill Limited’s specialist responsible AI consultants summarise the UK government’s AI Opportunities Action Plan prepared by Matt Clifford CBE and published on 13 January 2025, identifying and analysing the key recommendations affecting data protection, AI regulation, intellectual property and copyright and, ESG.

Nicola Cain13 January 2025Artificial Intelligence, AI, AI Opportunities Action Plan, AI Regulation, Data Protection, Personal Data, Data (Use and Access) Bill, Intellectual Property Rights, Intellectual Property, Copyright, Environment, Environmental Social & Governance, Environmental Social & Corporate Governance, ESGComment

Peer Review - Part II

Peer Review - Part II

As the Data (Use and Access) Bill continues its passage through the House of Lords, Handley Gill’s specialist data protection consultants summarise the second scrutiny session of the House of Lords’ Grand Committee on the Data (Use and Access) Bill on 10 December 2024, when peers began their consideration of the provisions of Part 5 of the Data (Use and Access) Bill on ‘Data protection and privacy’.

Here’s one I prepared earlier

Here’s one I prepared earlier

In a comprehensive briefing, the Handley Gill’s specialist data protection consultants analyse the provisions of the Labour government’s Data (Use and Access) Bill (HL Bill 40 2024-25) as introduced in the House of Lords on 23 October 2024, the latest attempt after the Data Protection and Digital Information Bill to reform UK data protection law, as set out in the UK GDPR, Data Protection Act 2018, Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003 (PECR).

Back on the Data Protection Reform Merry-Go-Round

Back on the Data Protection Reform Merry-Go-Round

The new Labour government has today (23 October 2024) introduced the Data (Use and Access) Bill in the House of Lords, in the latest attempt to reform the UK’s data protection laws as set out in the UK GDPR, Data Protection Act 2018, Data Protection Act 1998 and Privacy and Electronic Communications Regulations.

Every little bit of data helps?

Every little bit of data helps?

While the sale of marketing lists is generally prohibited, as retail insolvencies increase Handley Gill’s specialist data protection consultants analyse the Information Commissioner’s laissez-faire approach to the purchase and use of the CRM databases of companies in administration and consider the opportunity this offers to administrators and potential purchasers of distressed businesses by reference to the recent case studies of Tesco’s purchase of Paperchase’s assets and the sale of The Body Shop’s assets.

A problem shared...

A problem shared...

As Iceland boss Richard Walker decried data protection and human rights laws for allegedly preventing him and his staff from sharing information with other retailers in order tackle the scourge of shoplifting, Handley Gill’s specialist data protection consultants consider how these and other laws apply to retailers and shopping centre operators and identify the steps retailers can take to lawfully share personal data for the purposes of preventing or detecting crime.

Nicola Cain3 September 2024Data Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Controller, Data Sharing, Data Sharing Agreement, Criminal Conviction & Offence Data, Article 10 UK GDPR, Section 11 Data Protection Act 2018, s.11 DPA 2018, Section 11(2) Data Protection Act 2018, s.11(2) DPA 2018, Section 10 Data Protection Act 2018, S.10 DPA 2018, Section 10(5) Data Protection Act 2018, s.10(5) DPA 2018, Retail, Retail Crime, Theft, Shoplifting, Data Protection Offences, Data protection impact assessment, DPIA, Appropriate Policy Document, Schedule 1 Data Protection Act 2018, Public Domain, Manifestly Made Public, NT1 & NT2 v Google LLC [2018] EWHC 799 (QB), Data Privacy, Misuse of Private Information, Article 8 ECHR, Article 8 European Convention on Human Rights, Rehabilitation of Offenders Act 1974, Retention Schedule, Data Retention, Section 170 Data Protection Act 2018, Prevention or detection of crime, Crime prevention, Crime detection, Human Rights Act 1998, Reputation Management, Defamation, Libel, SlanderComment

At your service

At your service

As the UK’s 58th Prime Minister, Sir Keir Starmer, enters 10 Downing Street following the Labour Party’s landslide victory in the 2024 General Election, Handley Gill’s consultants consider what we can expect for cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG.

Nicola Cain5 July 2024General Election 2024, Labour Party, Data Protection, Personal Data, UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, DPA 2018, UK GENERAL DATA PROTECTION REGULATION, Online Safety, Online Harms, eSafety, Online Safety Act 2023, Human Rights, Duty of Candour, Equality Act 2010, AI, Artificial Intelligence, Artificial Intelligence (Employment and Regulation) Bill, National Data Library, Regulatory Innovation Office, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, SLAPPs, Leveson 2, Strategic Litigation Against Public Participation Bill, Strategic Litigation Against Public Participation, Media Act 2024, PLATFORM REGULATION, CONTENT REGULATION, Radicalisation, Cyber Security, Cyber Resilience, Strategic Defence Review, Digital Markets, ESG, Environmental Social & Corporate Governance, Paris AgreementComment

Security guaranteed?

Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Nicola Cain12 June 2024Data Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment

Washed-up or fallen down the plughole?

Washed-up or fallen down the plughole?

Following the announcement on 22 May 2024 of the snap General Election to take place on 04 July 2024, Parliament has been prorogued with effect from 24 May 2024 (meaning Parliamentary business is suspended thereafter) and will be dissolved with effect from 30 May 2024. The brief period between the announcement of the election and prorogation is known as wash up, when political parties must negotiate to pass outstanding Bills, or parts of them, or Bills fall. Prorogation also bring an end to the work of the various Parliamentary Committees. Handley Gill’s consultants consider which Bills have been washed up and which have fallen in the context of cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG, as well as the work of Parliamentary Committees which were either rushed out or dropped.

Nicola Cain5 June 2024General Election 2024, GE2024, Data Protection, Personal Data, Data Protection and Digital Information Bill, Media Bill, Media Act 2024, Digital Markets Competition & Consumers Bill, Digital Markets Competition & Consumers Act 2024, Human Rights, Duty of Candour, Joint Committee on Human Rights, Education Committee, Commons Education Committee, Screentime impact on education & wellbeing, Science Innovation & Technology Committee, House of Commons Science Innovation & Technology Committee, Artificial Intelligence, AI, AI Governance, Governance of Artificial Intelligence, Artificial Intelligence (Regulation) Bill, SLAPPs, Strategic Litigation Against Public Participation Bill, Criminal Justice Bill, European Affairs Committee, UK-EU Data Adequacy, Adequacy Decision, Cyber Security, Information Security, Cyber Resilience, Cyber resilience of the UK's critical national infrastructure (CNI), Commons Women & Equalities Committee, Non-consensual intimate image abuse, Revenge porn, Online Safety, Online Harms, DPDI Bill, OFCOM, Competition and Markets Authority, CMA, Strategic Lawsuit Against Public Participation, Strategic Litigation Against Public Participation, Data Protection Reform, UK GDPR, Victims and Prisoners Act 2024, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be ForgottenComment

On Hand May 2024

The May 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 May 2024On Hand, Cyber Security, Information Security, Cyber Attack, Data Breach, Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, Data Protection and Digital Information Bill, DPDI Bill, Information Commissioner, Information Commissioner's Office, EDPB, European Data Protection Board, Artificial Intelligence, AI, AI Regulation, Machine Learning, Algorithmic Accountability, Algorithm Transparency, Open Justice, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Information, CONTENT REGULATION, Broadcasting Code, Broadcasting Regulation, VSPs, Video Sharing Platforms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, Privacy, Data Privacy, Digital Markets, Human Rights, Human Rights Act 1998, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, OFCOMComment

Snap Out of It

Snap Out of It

Handley Gill’s specialist data protection and responsible AI consultants analyse the Information Commissioner’s final decision in respect of Snap, Inc’s MyAI chatbot and the compliance with the obligation under Article 35 UK GDPR to carry out a data protection impact assessment (DPIA) and under Article 36 UK GDPR to consult the Information Commissioner in respect of high risk processing, and consider the implications for the ICO’s approach to enforcement.