Data

The Information Commissioner’s Office (ICO) has issued a £12,700,000 fine to TikTok Information Technologies UK Limited and TikTok Inc (TikTok) for a number of breaches of data protection law, including failing to use children’s personal data lawfully.

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/04/ico-fines-tiktok-127-million-for-misusing-children-s-data/

Draft legislation published by the UK government would significantly alter existing data protection law in the country if enacted but also closely resembles abandoned proposals that were introduced before the UK parliament last summer, according to experts at Pinsent Masons.

https://www.pinsentmasons.com/out-law/news/data-protection-law-reforms-set-out-in-the-uk

Turns out the UK government, under current prime minister Rishi Sunak, is not replacing the GDPR, as Michelle Donelan, his secretary of state for science, innovation and technology, implied last October — when as a fresh-in-post digital secretary under a different PM, she paused the flagship data protection reform, saying the government wanted to rethink its approach and inviting businesses to “co-design” the legislation with her.

https://techcrunch.com/2023/03/08/uk-data-reform-bill-no-2/?guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLw&guce_referrer_sig=AQAAAL-WCsCECHG2oqb6GXIfgRoZDiYEoC4R3Qrmdc--8zPwPDIoXDak5rd4bgv1sd7F8jlrg-5oG_4KkUlO9R-SXaj8FS_IVBuzWn4EefudNVKksqeTMqX7kecHZeUQQq4EvIEJsuURsSVphguuPhTUdgpcjTiE5Y1hN_f04P3Q76P_

The European Commission plans to “streamline” the way data protection authorities (DPAs) across the EU cooperate with one another when enforcing the General Data Protection Regulation (GDPR).

https://www.pinsentmasons.com/en-gb/out-law/news/gdpr-enforcement-cooperation-streamlined

Privacy Shield 2.0, a new framework for transferring personal data from the EU to the US, could be in effect by spring 2023 after the European Commission published a draft decision endorsing the framework on Wednesday.

https://www.pinsentmasons.com/out-law/news/privacy-shield-20-euus-data-transfers-decision-drafted

Strict requirements are outlined in UK and EU data protection laws in relation to the international transfer of personal data.

https://www.pinsentmasons.com/en-gb/out-law/guides/international-transfers-schrems-ii-gdpr

Major technology providers could rethink how they package arrangements around the sub-processing of personal data into the products and services they offer businesses in response to new guidance issued by the UK’s data protection authority, an expert has said.

https://www.pinsentmasons.com/en-gb/out-law/news/ico-data-transfers-guide-clarifies-data-exporter-role-in-sub-processing

Businesses should review the basis on which they are transferring personal data internationally ahead of a looming EU compliance deadline that falls before the end of the year, data protection experts have said.

https://www.pinsentmasons.com/en-gb/out-law/news/eu-deadline-looms-for-data-transfer-contracts-remediation

Companies that are not established in the EU could face more uncertainty when reporting a data breach involving EU data subjects and complying with the General Data Protection Regulation (GDPR), due to a proposed change to remove the “one-stop shop” reporting mechanism.

https://www.pinsentmasons.com/out-law/news/uk-non-eu-businesses-face-uncertainty-gdpr-data-breach

Businesses can expect to see a continued push towards a more global approach to data protection in light of an EU review into the implementation of the General Data Protection Regulation (GDPR).

https://www.pinsentmasons.com/en-gb/out-law/analysis/gdpr-review-global-data-protection