Handley Gill's blog — Handley Gill

LEGAL & REGULATORY COMPLIANCE CONSULTANTS

Not so instant compliance

Not so instant compliance

As Meta announces the introduction of Instagram Teen Accounts for users in the UK, USA, Canada and Australia, Handley Gill’s specialist data protection and online trust and safety consultants consider the global laws and regulations that have spurred this change, and the role of the Information Commissioner’s Children’s Code aka the Age Appropriate Design Code, the UK Online Safety Act 2023, the US’ Kids Online Safety Act (‘KOSA’) and the Children and Teen’s Online Privacy Protection Act (‘COPPA 2.0’).

Nicola Cain19 September 2024Online Safety, Online Harms, eSafety, Online Safety Act 2023, Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Children's Code, Age Appropriate Design Code, Social Media, Information Society Services, CHILDREN, Children's Data, Likely to be accessed by children, Trust and Safety, Privacy Settings, Meta, Instagram, Teen Accounts, KOSA, Kids Online Safety Act, Age Assurance, Age Verification, Enforcement, Data Protection Enforcement, Children and Teen’s Online Privacy Protection Act, COPPA, COPPA 2.0, Children's Code Strategy, ICO Children's Code Strategy, Protecting Children's Privacy Online, SMPs, Social Media Platforms, VSPs, Video Sharing Platforms, Platform Liability, Ofcom, Protecting Children from Harms Online, Children's Safety CodeComment

Another bauble for the tree?

Another bauble for the tree?

The UK government has today (05 September 2024) joined the US, EU and other countries in signing the Council of Europe’s Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. Handley Gill’s specialist artificial intelligence (AI) consultants consider the implications of this statement of intent for the UK’s current and proposed legislation as announced in the King’s Speech 2024, and what new laws and amendments will be necessary to enable the UK to meet the AI Treaty’s obligations.

Nicola Cain5 September 2024Artificial Intelligence, AI, AI Regulation, AI Governance, Council of Europe Framework Convention on Artificial Intelligence and Human Rights Democracy and the Rule of Law, AI Treaty, Labour Party Manifesto 2024, King's Speech 2024, EU AI Act, Human Rights, Equality, Discrimination, Privacy, Data Protection, PERSONAL DATA, Human Rights Act 1998, Equality Act 2010, Data Protection & Digital Information Bill, Digital Information and Smart Data Bill, Democracy, Rule of Law, AI Systems, Online Safety Act 2023, Disinformatoin, Transparency, Liability, Redress, ICO, Information Commissioner, Equality and Human Rights Commission, Digital Regulation Co-operation Forum, DRCF, AI Regulation White Paper, Accuracy, Reliability, AI Safety, AI Security, Risk Management, AI Safety Institute, DisinformationComment

A problem shared...

A problem shared...

As Iceland boss Richard Walker decried data protection and human rights laws for allegedly preventing him and his staff from sharing information with other retailers in order tackle the scourge of shoplifting, Handley Gill’s specialist data protection consultants consider how these and other laws apply to retailers and shopping centre operators and identify the steps retailers can take to lawfully share personal data for the purposes of preventing or detecting crime.

Nicola Cain3 September 2024Data Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Controller, Data Sharing, Data Sharing Agreement, Criminal Conviction & Offence Data, Article 10 UK GDPR, Section 11 Data Protection Act 2018, s.11 DPA 2018, Section 11(2) Data Protection Act 2018, s.11(2) DPA 2018, Section 10 Data Protection Act 2018, S.10 DPA 2018, Section 10(5) Data Protection Act 2018, s.10(5) DPA 2018, Retail, Retail Crime, Theft, Shoplifting, Data Protection Offences, Data protection impact assessment, DPIA, Appropriate Policy Document, Schedule 1 Data Protection Act 2018, Public Domain, Manifestly Made Public, NT1 & NT2 v Google LLC [2018] EWHC 799 (QB), Data Privacy, Misuse of Private Information, Article 8 ECHR, Article 8 European Convention on Human Rights, Rehabilitation of Offenders Act 1974, Retention Schedule, Data Retention, Section 170 Data Protection Act 2018, Prevention or detection of crime, Crime prevention, Crime detection, Human Rights Act 1998, Reputation Management, Defamation, Libel, SlanderComment

On Hand August 2024

August 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 August 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, Cyber Resilience, CONTENT REGULATION, Content Moderation, Online Safety, Online Harms, eSafety, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Confidential Information, Breach of Confidence, Freedom of Expression, Freedom of Speech, Free speech, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, AI, Artificial Intelligence, Digital Markets, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Information Commissioner, ICO, Monetary Penalty Notice, International data transfers, Restricted International Data Transfers, Media Act 2024, Generative AI & Data Protection, Generative AI, Generative Artificial Intelligence, CMA, Competition & Markets Authority, Children's Code, Institute of Directors, IoD, Responsible Business, FCA, Financial Conduct Authority, Data Protection Commission, Leveson, Press Recognition Panel, Press Regulation, Media Regulation, Data Controller, Data Protection Fee, Online Safety Act 2023, Illegal Harms, Digital Markets Competition & Consumers Act, DMCCAComment

Holiday packing list

Holiday packing list

With the summer holiday season in full swing, Handley Gill Limited’s specialist data protection and cyber resilience consultants consider the data protection and information security risks of staff taking data and devices used for business purposes overseas and the practical measures that organisations can take to safeguard data subject to border control powers.

Duty free?

Handley Gill Limited calls on the Institute of Directors to amend its proposed voluntary Code of Conduct for Directors of UK companies to reflect risk management as a core tenet of responsible business and to promote business resilience across supply chains, to help UK plc win the war on cyber crime and safeguard the UK’s people, property and prosperity.

On Hand July 2024

July 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management and free speech, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 July 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Defamation, Malicious Falsehood, Misuse of Private Information, Privacy, Confidential Information, Breach of Confidence, Article 8 European Convention on Human Rights, Free speech, Freedom of Speech, Freedom of Expression, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, AI, Artificial Intelligence, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Online Safety, Online Harms, eSafety, EU AI Act, Online Safety Act 2023, Digital Markets Act, Cookies, Contempt, EU Corporate Sustainability Due Diligence Directive, Information Commissioner, ICO, Information Commissioner's Office, Data Subject Rights, Data protection impact assessment, DPIAComment

King's Speech 2024

King's Speech 2024

Handley Gill’s consultants consider the implications of the Labour Party’s immediate legislative priorities as set out in the King’s Speech 2024 for data protection, privacy, reputation management, freedom of expression, online safety, cyber security, digital markets regulation, artificial intelligence (AI), content regulation, human rights and ESG, and identify the manifesto commitments that will be delayed.

Nicola Cain17 July 2024King's Speech, King's Speech 2024, State Opening of Parliament, AI Bill, Audit Reform & Corporate Governance Bill, AI, Artificial Intelligence, AI Regulation, ESG, Environmental Social & Corporate Governance, Online Safety, Online Harms, Children's Wellbeing Bill, CONTENT REGULATION, Advertising, Human Rights, Cyber Security, Hillsborough Law, Duty of Candour, Equality, Discrimination, Equality (Race and Disability) Bill, Strategic Defence Review, Data Protection, Reputation Management, SLAPPs, Strategic Litigation Against Public Participation Bill, Digital Markets, Fraud, Cyber Security and Resilience Bill, Digital Information and Smart Data Bill, Product Safety and Metrology Bill, Crime and Policing Bill, Digital Markets Regulation, Freedom of Information Act 2000, Access to InformationComment

A Herculean Labour?

A Herculean Labour?

Handley Gill’s specialist consultants consider what a Labour Party AI Bill, announced in the King’s Speech on 17 July 2024, will regulate, considering its manifesto commitments and the TUC’s proposed Artificial Intelligence (Employment and Regulation) Bill, and contrasting with Lord Holmes’ Artificial Intelligence (Regulation) Bill which fell at the dissolution of the last Parliament and the EU’s AI Act.

Off the rails?

Off the rails?

Handley Gill Limited’s specialist data protection and ESG consultants consider the results of the Information Commissioner’s Office’s Cyber Security Incident Trends Report for Q1 2024 and the implications for Sir Keir Starmer’s new Labour government, calling for a greater understanding of and focus on cyber and information risk management by directors and trustees.

Nicola Cain11 July 2024Cyber Security, Data Protection, Cyber Security Breaches Survey 2024, Department for Science Innovation and Technology, Information Commissioner, Information Commissioner's Office, Cyber Attack, Data Breach, Data Breaches, Data Breach Statistics, Data Security Incident Trends Report, National Cyber Security Strategy 2022, Directors' Duties, ESGComment

At your service

At your service

As the UK’s 58th Prime Minister, Sir Keir Starmer, enters 10 Downing Street following the Labour Party’s landslide victory in the 2024 General Election, Handley Gill’s consultants consider what we can expect for cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG.

Nicola Cain5 July 2024General Election 2024, Labour Party, Data Protection, Personal Data, UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, DPA 2018, UK GENERAL DATA PROTECTION REGULATION, Online Safety, Online Harms, eSafety, Online Safety Act 2023, Human Rights, Duty of Candour, Equality Act 2010, AI, Artificial Intelligence, Artificial Intelligence (Employment and Regulation) Bill, National Data Library, Regulatory Innovation Office, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, SLAPPs, Leveson 2, Strategic Litigation Against Public Participation Bill, Strategic Litigation Against Public Participation, Media Act 2024, PLATFORM REGULATION, CONTENT REGULATION, Radicalisation, Cyber Security, Cyber Resilience, Strategic Defence Review, Digital Markets, ESG, Environmental Social & Corporate Governance, Paris AgreementComment

A paradox of choice

A paradox of choice

Handley Gill Limited’s specialist consultants unpack the recent High Court decision in Harrison v (1) Cameron & (2) Alasdair Cameron Limited [2024] EWHC 1377 (KB), in which the High Court determined that data controllers responding to data subject access requests (DSARs) are obliged to disclose the specific identities of recipients of personal data, and are not permitted to merely disclose categories of recipient unless exceptions or exemptions apply.

Pledge or hedge?

Pledge or hedge?

Following the announcement of the snap General Election to take place on 04 July 2024, and the launch of the major parties’ manifesto pledges during London Tech Week 2024, Handley Gill analyses the manifesto pledges of the major UK-wide political parties and their implications for cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG.

Nicola Cain13 June 2024General Election 2024, GE2024, Data Protection, UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications Regulations, PECR, Artificial Intelligence, AI, Human Rights, Human Rights Act 1998, ESG, Environment, Environmental, Environmental Social & Governance, Environmental Social & Corporate Governance, Cyber Security, Digital Markets, Digital Services, Social Media, Technology, Technology Regulation, TECH REGULATION, Online Safety, Online Safety Act 2023, Online Harms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, SLAPPs, Advertising, Gambling, Access to Information, Freedom of Information Act 2000, Open Justice, Conservative Party, Labour Party, Liberal Democrats, Green Party, CONTENT REGULATION, PLATFORM REGULATION, Data Protection ReformComment

Security guaranteed?

Security guaranteed?

To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.

Nicola Cain12 June 2024Data Protection, Personal Data, UK GDPR, GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, Information Security, Cyber Security, Information Security Risk Assessment, Cyber Security Risk Assessment, Cyber Attack, Cyber Incident, Data Breach, Data Controller, Data Processor, Article 28 UK GDPR, Article 28 GDPR, Article 28(1) UK GDPR, Article 28(1) GDPR, Cyber Security Breaches Survey 2024, Department for Science Innovation & Technology, National Cyber Security Centre, NCSC, Supply Chain Risk, Supply Chain Security, Vendor Management, Supplier Management, ICO, Information Commissioner, Information Commissioner's Office, Data Security Incident Trends Report, London Tech Week 2024, LTW, LTW 2024, The Future of Security and Data, Cyber Resilience, Online HarmsComment

Right my wrongs

Right my wrongs

As the Information Commissioner’s Office conducts the fourth part of its consultation on generative AI and data protection focusing on data subject rights, ‘engineering individual rights into generative AI models’, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response, as well as highlighting areas not currently addressed in the draft guidance.

Nicola Cain9 June 2024Data Protection, PERSONAL DATA, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, Information Commissioner, Information Commissioner's Office, ICO, Data Subject Rights, SUBJECT ACCESS REQUEST, DATA SUBJECT ACCESS REQUEST, Data Subject Rights Request, Article 12 UK GDPR, ARTICLE 12(5) UK GDPR, Article 12 GDPR, Article 12(5) GDPR, Article 13 UK GDPR, Article 13 GDPR, Article 14 UK GDPR, Article 14 GDPR, Article 14(5)(b) UK GDPR, Article 14(5)(b) GDPR, Article 15 UK GDPR, Article 15 GDPR, Article 16 UK GDPR, Article 16 GDPR, Right to Rectification, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be Forgotten, RTBF, Article 18 UK GDPR, Article 18 GDPR, Right to restriction of processing, Article 19 UK GDPR, Article 19 GDPR, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Web Scraping, AI Training, AI Training Data, AI Transparency, AI Regulation, Generative AI & Data Protection, Engineering Individual Rights into Generative AI Models, Privacy Notice, Privacy PolicyComment

Washed-up or fallen down the plughole?

Washed-up or fallen down the plughole?

Following the announcement on 22 May 2024 of the snap General Election to take place on 04 July 2024, Parliament has been prorogued with effect from 24 May 2024 (meaning Parliamentary business is suspended thereafter) and will be dissolved with effect from 30 May 2024. The brief period between the announcement of the election and prorogation is known as wash up, when political parties must negotiate to pass outstanding Bills, or parts of them, or Bills fall. Prorogation also bring an end to the work of the various Parliamentary Committees. Handley Gill’s consultants consider which Bills have been washed up and which have fallen in the context of cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG, as well as the work of Parliamentary Committees which were either rushed out or dropped.

Nicola Cain5 June 2024General Election 2024, GE2024, Data Protection, Personal Data, Data Protection and Digital Information Bill, Media Bill, Media Act 2024, Digital Markets Competition & Consumers Bill, Digital Markets Competition & Consumers Act 2024, Human Rights, Duty of Candour, Joint Committee on Human Rights, Education Committee, Commons Education Committee, Screentime impact on education & wellbeing, Science Innovation & Technology Committee, House of Commons Science Innovation & Technology Committee, Artificial Intelligence, AI, AI Governance, Governance of Artificial Intelligence, Artificial Intelligence (Regulation) Bill, SLAPPs, Strategic Litigation Against Public Participation Bill, Criminal Justice Bill, European Affairs Committee, UK-EU Data Adequacy, Adequacy Decision, Cyber Security, Information Security, Cyber Resilience, Cyber resilience of the UK's critical national infrastructure (CNI), Commons Women & Equalities Committee, Non-consensual intimate image abuse, Revenge porn, Online Safety, Online Harms, DPDI Bill, OFCOM, Competition and Markets Authority, CMA, Strategic Lawsuit Against Public Participation, Strategic Litigation Against Public Participation, Data Protection Reform, UK GDPR, Victims and Prisoners Act 2024, Article 17 UK GDPR, Article 17 GDPR, Right to Erasure, Right to be ForgottenComment

On Hand May 2024

The May 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 May 2024On Hand, Cyber Security, Information Security, Cyber Attack, Data Breach, Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, Data Protection and Digital Information Bill, DPDI Bill, Information Commissioner, Information Commissioner's Office, EDPB, European Data Protection Board, Artificial Intelligence, AI, AI Regulation, Machine Learning, Algorithmic Accountability, Algorithm Transparency, Open Justice, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Information, CONTENT REGULATION, Broadcasting Code, Broadcasting Regulation, VSPs, Video Sharing Platforms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, Privacy, Data Privacy, Digital Markets, Human Rights, Human Rights Act 1998, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, OFCOMComment

Time to regenerate

Time to regenerate

The Information Commissioner’s fourth call for evidence in its Generative AI consultation series on ‘engineering individual rights into generative AI models’ suggests that generative AI model developers should regenerate their privacy policies to ensure that they provide individuals with sufficient information to ascertain whether they have been affected by the web scraping of their personal data.

Consigned to a watery grave

Consigned to a watery grave

The snap General Election announced by Prime Minister Rishi Sunak for 04 July 2024, and the consequent curtailment of the Parliamentary session, will mean that there will be insufficient time for the remaining Parliamentary stages of the Data Protection and Digital Information Bill, including the House of Lords Report stage which was due to commence from 10 June, to be undertaken prior to the prorogation and dissolution of Parliament.

Nicola Cain22 May 2024Data Protection, Personal Data, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, Data Protection and Digital Information (No. 2) Bill, Data Protection and Digital Information Bill, DPDI Bill, DPDI (No.2) Bill, DPDI2 Bill, Data Reform Bill, Data Protection ReformComment

Breach? Don’t preach! Take some good advice!

Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!