Latest Articles

The Select Committee on Communications of the House of Lords (Committee) published a report discussing UK regulation of ‘digital services facilitated by the internet’. We summarise some of the key recommendations of the report, which was published on 9 March 2019: 1. A central regulatory body called the Digital Authority should be set up to co-ordinate internet regulation. 2. All future internet regulation should be informed by 10 common principles: Parity: ensuring online and offline…
In a recent request for a preliminary ruling in a case concerning Amazon, the Advocate General Pitruzzella (AG) has given his opinion that the Consumer Rights Directive (2011/83/EU) (CRD) requires traders to offer their consumers a choice of means of communication, but this is not confined to the trader’s telephone number. The CRD includes the trader’s telephone number, fax number and e-mail address, “where available, to enable the consumer to contact the trader quickly and communicate with…
On 18 February 2019, the Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA) updated their Memorandum of Understanding (MoU) with an aim to reinforce and develop their cooperation, collaboration, and information and intelligence sharing. Cooperation and information sharing The ICO and FCA have set out what matters they will communicate with each other and the exchange of information between them. Subject to legal restrictions on the disclosure of information, the ICO and FCA…
On 26 February 2019, the European Data Protection Supervisor (EDPS), Giovanni Buttarelli, published his first annual report since the General Data Protection Regulation (GDPR) came into force last year. This is a short overview of some of the key themes in the EDPS’s annual report: Overview of 2018: GDPR: This is the first annual report of the EDPS since the GDPR ((EU) 2016/679) came into force on 25 May 2018, bringing in…
The European Data Protection Board (EDPB) has adopted guidelines in relation to the certification mechanism prescribed under the General Data Protection Regulation 2016/679 (GDPR). The EDPB guidelines are aimed at supervisory authorities and certification bodies and provide helpful insight into the requirements and criteria relevant to all types of certification mechanisms issued under articles 42 and 43 of the GDPR. Certification The EDPB, supervisory authorities and certification bodies are required to encourage certification mechanisms and…
On 6 March 2019, the Information Commissioner’s Office (ICO) will host a fact-finding forum in central London. The aim of this forum is to facilitate a dialogue between ad-tech stakeholders. The ICO wants to understand the complexities of ad-tech practices. Why ad-tech? ‘Ad-tech’ is the product of technology’s transformation of the advertising industry. It uses personal data to compile a personal profile, which is then used to decide whether or not to target an individual…
On 12 February 2019, the European Data Protection Board (EDPB) met for its seventh plenary session. You can see our blog on the full session here. At this session, the EDPB adopted two information notes. The information notes offer guidance on data protection issues in the event of a no-deal Brexit, namely: data transfers generally and binding corporate rules lead supervisory authorities (BCR lead). Data transfers in the event of a no-deal Brexit The…
The European Data Protection Board (EDPB) met for its seventh plenary session on 12 February 2019. The session covered many areas of discussion, outlined in the agenda. The four main areas covered, and highlighted in the EDPB’s press release, were: 1. Work programme: The EDPB adopted a two-year work programme, covering 2019-2020. The work programme has been designed based on priority needs for individuals, stakeholders and EU legislators. Examples of activities that…
The European Data Protection Board (EDPB) recently adopted its opinion on the interplay between the Clinical Trials Regulation 536/2014 (CTR) and the General Data Protection Regulation 2016/679 (GDPR) (the opinion). The opinion was given at the request of the European Commission. The CTR seeks to harmonise the rules for conducting clinical trials throughout the European Union, and the request for an opinion stemmed from an acknowledgement of the crucial interplay between these two pieces of…
On 23 January 2019, the European Commission adopted an adequacy decision for Japan, with immediate effect. The decision certifies Japan as having a comparable level of data protection to that of the European Union. On the same day, Japan adopted an equivalent decision regarding the EU’s data protection regime. This is the first example of mutual recognition of the adequate level of data protection. According to Věra Jourová, European Commissioner for Justice, Consumers and Gender…