Data in the News – December 2020
With Brexit transition approaching, we start this issue of Data in the News with the words of Elizabeth Denham of the ICO:
“It is perhaps a telling reflection on the past year that the end of the UK’s transition period with the EU has been a secondary concern for many DPOs in 2020. And yet the end of the transition period may bring the most significant change to data protection in the UK since the implementation of the GDPR three years ago.
There remains hope that an adequacy decision may yet be reached, which would allow the UK to continue to access the free flow of personal data provision granted for those within the EU. But organisations cannot rely on this. The stakes are too high, with the risk that the data flow tap from the EU is turned off, and with it the flow of HR records, customer details and data from cloud services.”
The ICO continues to offer to help businesses prepare and has a dedicated helpline for businesses, large or small looking for advice on how to prepare for the end of transition. If you need support call the helpline on 0303 123 1113 and select option 3 or contact us via live chat to speak to one of the ICO’s experienced case officers.
And now for the news …
On 31st December the Brexit transition period ends, and the EU GDPR will no longer be law in the UK. However, as we know, the UK government intends to write the GDPR into UK law, so from all practical perspectives, GDPR will continue to apply.
Therefore, UK organisations and individuals that process or transfer the personal data of EU citizens from the EU to the UK may need to take action to continue the free flow of data from the EU to the UK and guarantee the protection of EU data subjects. The action required will vary according to whether there is a deal (as set out in any withdrawal agreement) or no deal.
The U.K. Information Commissioner’s Office has set out a range of guidance and resources for organisations after the transition period ends, including advice on data protection and how to keep data flowing at the end of the transition period, as well as how to prepare if we do not have adequacy at the end of the transition period.
With negotiations on the edge, a no-deal Brexit is looking like a possibility. If we get to December 31st without a withdrawal agreement, how will this affect the transfer of personal data between the EU and UK?
Unless a Brexit withdrawal agreement is able to be made – and ratified – in the next six weeks which includes a data adequacy decision, the UK is set to become a ‘third country’ from a data protection perspective.
This means that from January 1st 2021, further measures and contracts will be required regarding transfers of personal data from Europe to the UK, adding an additional compliance burden to EEA companies that do business in the UK or have UK subsidiaries.
Data adequacy is all about demonstrating to the EU that a country is a safe place for data processing and storage, so that restrictions on transfers are not imposed. While you might expect that being granted data adequacy is just a formality for the UK in reality it’s much more complicated.
How much do political parties know about you - and how is it used to try to sway your vote?
The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. The revelations were criticised far and wide by politicians of all stripes. But now, a report from the UK's
Information Commissioner's Office (ICO) puts the spotlight on the relationship between data brokers and the politicians here.
Before GDPR came into force in May 2018, monetary penalties for data breaches ranged from £1,000 ($1,300) to £500,000 ($670,000). After the new act was introduced, organizations could be fined up to €10 million ($12 million), or 2% of annual turnover, whichever is greater.
Figures unearthed via a Freedom of Information (FOI) request, however, show a
significant delay between fines being issued and being paid.
And finally …
COVID-19 has seen the rapid growth in digital technologies at work. While technology has helped to keep us safe over lockdown, it has led to the expansion of monitoring software to help employers check on staff working from home. Employers should notify workers, and unions, about plans to introduce technology that monitors or uses our personal data.
A recent survey suggests that 1 in 5 employers are tracking workers online or planning to do so. The most high-profile incidence was the introduction of a new productivity tool by Microsoft. Microsoft has now responded to concerns about the software by changing its privacy settings. It remains, however, the most mainstream example of the growth in surveillance software. Prospect research shows that the public are concerned about the risks of automated decisions and workplace surveillance.
#GDPR #personaldata #dataprotection #dataprivacy #GDPRbreach #dataprotectionbreach #Brexit #datahaven #datacompliance #UKdataprotectionbill #Brexittransition #EU #datatransfer #withdrawalagreement #thirdcountry #ICO #transition #trackingtechnologies #onlinesurveillance #digitaltechnologies