Fines, consultations, exports and openness: It's been a busy 24 hours!
It's been a very busy few days for IG professionals. Here's a quick round up in case you missed anything:
- The ICO announced it has issued its largest ever monetary penalty notice, £350,000, to a PPI lead generation company called Prodial Limited. The penalty was for persistent breaches of the Privacy and Electronic Communications Regulations. Prodial made over 46 million automated marketing calls in a four month period, the recipients had not given their consent, Prodial failed to properly identify itself and failed to act on requests to opt-out of receiving such calls. Somewhat depressingly, there are reports that the directors of the company have put it into liquidation, meaning that the chances of recovering the money are likely to be small.
- The European Commission published further details of the EU-US Privacy Shield. This is the proposed replacement for the Safe Harbor framework, which aims to legitimise transfers of personal data from the EU to the US. Included in the documents, which can be accessed here, is a copy of the Commission's draft adequacy decision. As you may remember, the Commission's previous adequacy decision for Safe Harbor was declared invalid by the Court of Justice of the European Union in the Schrems case (our previous commentary can be found here). There has clearly been a lot of work done by the US and EU authorities to try to meet the requirements of the CJEU, and ensure that the Privacy Shield proves more robust than Safe Harbor. However, this isn't quite the end of the saga. The adequacy decision remains in draft and will be subject to comments from data protection authorities before being finalised. Already, campaigners have signalled that they will challenge any adequacy decision relating to the Privacy Shield.
- The UK government launched a consultation on improving data sharing in the public sector. The consultation will run for 8 weeks and focusses on improving data sharing between public sector bodies. It makes clear that all data sharing must comply with the data protection principles and the forthcoming GDPR.
- Later today (1 March), the UK government's FOI Commission publishes its long awaited review of the Freedom of Information Act. The government has already announced that there will be "no legal changes", so we are not likely to hear about amendments to the Act itself. However, there may be minor changes recommended.
Finally, wishing you a very happy St David's Day/ Dydd Gwyl Dewi hapus from the Information Governance team at Blake Morgan!