As the deadline approaches for the government and social media platforms to respond to HM Coroner’s recommendations in the Prevention of Future Deaths report following the Molly Russell inquest verdict, Handley Gill considers how the recommendations stack up against the provisions of the Online Safety Bill.

Nicola Cain29 November 2022Online Safety, Online Harms, ONLINE SAFETY BILL, Bill 285 2021-22, Bill 004 2022-23, Bill 121 2022-23, eSafety, Content Moderation, Intermediary Liability, Social Media, Molly Russell, Molly Russell Inquest, Regulation 28 Coroners (Investigations) Regulations 2013, Regulation 29 Coroners (Investigations) Regulations 2013, Schedule 5 paragraph 7 Coroners and Justice Act 2009, HM Coroner, Chief Coroner, Ofcom, Roadmap to Regulation, Online Safety Regulator, Online Harms Regulator, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, Age Verification, Children’s Risk Assessment, Safety duties protecting children, Harmful content, Primary priority content that is harmful to children, Self-Harm, Digital Regulation Co-operation Forum, DRCF, CMA, Competition & Markets Authority, Information Commissioner, ICO, FCA, Financial Conduct Authority, Advertising, Algorithm, Algorithmic Accountability, Algorithmic TransparencyComment

Take Two

Handley Gill Limited’s response to the Information Commissioner’s second consultation on the draft statutory ‘Data protection and journalism code of practice’, on the processing of personal data for the purpose of journalism under the UK GDPR and Data Protection Act 2018. The ICO is obliged by s.124 Data Protection Act 2018 to prepare and submit the code to the Secretary of State at the Department for Digital, Culture, Media & Sport (DCMS) for it to be laid before Parliament.

Revocation and Reform offers no R & R

Without intervention by DCMS, the Retained EU Law (Revocation and Reform) Bill will decimate the UK’s data protection law framework.

See ya SCCs, enter the IDTA

New data processing or other sharing agreements governed by the UK GDPR, which are entered into on or after Thursday 22 September 2022 and which involve the export of personal data from the UK to third countries and will rely on appropriate safeguards under Article 46 UK GDPR in the form of standard data protection clauses, can no longer rely on the standard contractual clauses (SCCs) or ‘model clauses’ issued by the European Commission and valid as at 31 December 2020 and must instead incorporate the International Data Transfer Agreement or modernised SCCs and International Data Transfer Addendum.

Nicola Cain20 September 2022Data Protection, Data Protection Act 2018, GDPR, UK GDPR, General Data Protection Regulation, UK General Data Protection Regulation, EUROPEAN COMMISSION, Information Commissioner, SchremsII, Schrems II, Standard contractual clauses, SCCs, Modernised Standard Contractual Clauses, Modernised SCCs, International data transfers, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, International Data Transfer Risk Assessment, Article 46 UK GDPR, Article 46 GDPR, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, Brexit, UK-EU Withdrawal Agreement, Article 46(2)(c) UK GDPR, Article 46(2)(d) UK GDPR, Article 46(2)(d) GDPR, Standard data protection clauses, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), Schedule 21 Part 3 para.7 Data Protection Act 2018, Data transfer agreement, Data exporter, Commission Implementing Decision (EU) 2021/914, Data Controller, Data Processor, Data Exporter, Data ImporterComment

U-turn?

Handley Gill summarises the Government's publication of its response to the ‘Data: A New Direction’ consultation, previewing the content of the forthcoming Data Reform Bill, which was proposed in ‘The Benefits of Brexit’ policy paper and formally announced in the Queen’s Speech 2022.

Nicola Cain22 June 2022Personal Data, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, PECR, Privacy and Electronic Communications Regulations, Data: A New Direction, Data Protection Reform, BREXIT, National Data Strategy, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Article 89 UK GDPR, Recital 159 UK GDPR, Recital 33 UK GDPR, Article 14 UK GDPR, Recital 62 UK GDPR, Disproportionate effort, Article 6(1)(f) UK GDPR, Political processing, Article 6 UK GDPR, Special Category Personal Data, Schedule 1 Data Protection Act 2018, Anonymity, Anonymous Data, Article 4(1) UK GDPR, the Council of Europe’s Convention 108, the Council of Europe Convention 108, Privacy management programme, Data Protection Officer, Article 37 UK GDPR, Data Protection Impact Assessment, DPIA, Article 35 UK GDPR, Article 30 UK GDPR, Records of Processing Activities, Article 36 UK GDPR, Prior Consultation, Article 12(5) UK GDPR, Manifestly Unfounded or Excessive, Article 45(2) UK GDPR, International data transfers, Adequacy Decision, s.17B(1) Data Protection Act 2018, Alternative Transfer Mechanisms, Article 46 UK GDPR, Law enforcement processing, Part 3 Data Protection Act 2018, Part 4 Data Protection Act 2018, Cookie Consent, Regulation 6 Privacy and Electronic Communications Regulations, Regulation 22(2) Privacy and Electronic Communications Regulations, Soft Opt-In, Marketing, Regulatory Enforcement, Information Commissioner, Statutory Duties, Statement of Strategic Priorities, Expert Panel, Technical Reports, Notice of Intent, Final Penalty Notice, AI, Artificial Intelligence, Article 22 UK GDPR, Automated Processing, Voluntary Undertakings, Data Breach Reporting, Article 33 UK GDPR, Article 15 UK GDPR, Data Subject Access Request, Reverse Transfers, Article 49 UK GDPR, Derogations, s.35 Digital Economy Act 2017, Data Sharing, Algorithm Transparency, Schedule 1 Part 2 Data Protection Act 2018, Substantial Public Interest, Biometric Data, Impact Assessments, Legitimate Interests Assessment, Biometrics Commissioner, Smart Data Schemes, Data Intermediaries, Article 46(2)(f) UK GDPR, Certification Regime, Surveillance Camera Commissioner, Schedule 16 paragraph 2(2) Data Protection Act 2018, Data Protection & Digital Information BillComment

Dominate that DSAR

Handley Gill’s top tips for complying with data subject access requests under Article 15 UK GDPR / GDPR.

Nicola Cain8 June 2022Data Protection, Personal Data, Data Subject Rights, DSAR, Data Subject Access Request, Data Protection Act 2018, UK GDPR, UK General Data Protection Regulation, GDPR, General Data Protection Regulation, Article 15, Article 15 GDPR, Article 15 UK GDPR, Data controllerComment

Taking a wrong turn? Government pursues data protection reform

The Government has today (10 May 2022) announced in the Queen’s Speech that further to its consultation ‘Data: A New Direction’ it will bring forward legislation in this Parliamentary session to reform the UK’s data protection law (the UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications Regulations) which has been adopted virtually wholesale from the European General Data Protection Regulation (GDPR).

Nicola Cain10 May 2022Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, Privacy and Electronic Communications Regulations, PECR, Data Protection Reform, Data: A New Direction, Brexit, National Data Strategy, 10 Tech Priorities, Cookies, Data Protection Officer, Information Commissioner, International Data Transfers, Records of Processing Activities, Processing for Research Purposes, AI, Artificial Intelligence, Anonymous Data, Data Intermediaries, Data Stewards, Data Protection Impact Assessments, High Risk Processing, Prior Consultation, Data Breaches, Regulatory Enforcement, Voluntary Undertakings, Cookie Consent, Reverse Transfers, Digital Regulation Co-operation Forum, DRCF, Notice of Intent, Final Penalty Notice, Law Enforcement Processing, Part 3 Data Protection Act 2018, Part 4 Data Protection Act 2018, Automated Processing, Data Protection & Digital Information BillComment