European Data Protection Bulletin: May 2022

Written By

ruth boardman module
Ruth Boardman

Partner
UK

I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.

ariane mole module
Ariane Mole

Of Counsel
France

I am a partner and co-head of our firm's International Data Protection Group. Thanks to many years of experience dedicated to data protection, I can provide innovative and practical solutions to clients around the world.

elizabeth upton module
Elizabeth Upton

Legal Director
UK

I'm a legal director in our London Privacy and Data Protection Practice working with clients in many of our key sectors.

Welcome to our European Data Protection Bulletin covering recent developments from last few months.

 

Particular highlights in this edition include:

  • Updates on ICO Guidance on video surveillance, anonymisation and research; and
  • EDPB Guidelines on Codes of Conduct for Data Transfers and draft Guidelines on the use of Dark Patterns in Social Media.

Use the links below to navigate through our newsletter:

European Union

EDPB

United Kingdom

ICO

UK Cases

UK Enforcement

ICO Enforcement

Information Tribunal Appeal Cases

Download the Bulletin here


EDPB

The EDPB has recently issued finalised Guidelines on Codes of Conduct as tools for transfers as well as publishing Draft Guidelines on dark patterns in social media platform user interfaces. These Draft Guidelines examine a number of dark patterns through examples and use cases and provide recommendations to designers and users of social media platforms on how to assess and avoid such practices.

Read more here


Information Commissioner’s Office (ICO)

The ICO has issued updated Guidance on Video Surveillance which focusses mainly on CCTV but also addresses other technologies such as Facial Recognition Technology, ANPR, machine learning algorithms, dashcams and smart doorbells and contains recommendations for ensuring that their use is aligned with data protection law requirements. The ICO has also released two further chapters of its Anonymisation Guidance for consultation: Chapter 3 (Pseudonymisation) and Chapter 4 (Accountability and governance). Lastly, in April 2022, the ICO closed a consultation into its new proposed guidance on the research provisions in the UK GDPR and the DPA 2018.

Read more here


UK Cases

In this month's bulletin, we discuss the recent Court of Appeal decision of 'Brake v. Guy [2022] EWCA Civ 235 which found that an employee had no reasonable basis to expect privacy in respect of personal emails sent using a shared work account. This case focuses on the law of misuse of private information and the factors which will undermine a reasonable expectation of privacy.

Read more here


UK ICO Enforcement

The ICO has been particularly active in the last couple of months with PECR monetary penalties and enforcement notices particularly against organisations making unsolicited marketing calls to vulnerable older individuals. There has also been an Enforcement Notice for failing to respond to a DSAR and a monetary penalty for a security breach caused by a ransomware attack under the GDPR.

Read more here


Information Tribunal Appeal Cases

The case that we present this month an Information Tribunal appeal against the imposition of a monetary penalty for failure to pay the £60 data protection fee. Click on the link below to discover the outcome.

Read more here

Latest insights

More Insights
Curiosity line green background

China Cybersecurity and Data Protection: Monthly Update - December 2024 Issue

17 minutes Dec 23 2024

Read More
featured image

EDPB weighs in on key questions on personal data in AI models

1 minute Dec 20 2024

Read More
Curiosity line blue background

Australia’s first standalone cyber security law – the Cyber Security Act 2024

Dec 18 2024

Read More