Beyond the headline fines: preparing for post-GDPR ICO scrutiny and enforcement

As fines grab the headlines, Debevoise & Plimpton London partners Karolos Seeger and Jane Shvets and associate Robert Maddox analyse the UK data protection watchdog’s new investigative powers.

29 October 2018

GDPR a success but a work in progress, regulators say

A panel of European data protection officials has agreed the GDPR has been a success so far – but that there is still work to be done.

26 October 2018

Cathay Pacific data breach first since new guidelines

The day after Hong Kong’s privacy commissioner released guidelines calling for “respectful, beneficial and fair” data processing, the region’s flag carrier Cathay Pacific Airways has announced that it suffered a data breach affecting up to 9.4 million people.

26 October 2018

Facebook ordered to pay UK maximum pre-GDPR fine

The UK’s data watchdog has ordered Facebook to pay £500,000 (€564,726) after it failed to prevent an app from harvesting millions of users’ personal data.

25 October 2018

EU regulators need educating on cybersecurity, says former US prosecutor

A former US Department of Justice prosecutor has said Europe has “some catching up to do” on cybersecurity despite being ahead of the US on data privacy, and detailed a case that saw a European regulator getting in the way of a breach response.

11 October 2018

UK financial watchdog fines Tesco Bank £16.4 million

The UK’s Financial Conduct Authority has ordered Tesco Bank to pay £16.4 million (€18.4 million) following a “largely avoidable” 2016 hack.

02 October 2018

ECJ lowers threshold for interference with data rights in criminal investigations

The EU’s highest court has ruled that access to personal information retained by telecommunications providers may be justified in criminal investigations, even where the alleged offence is not serious.

02 October 2018

AggregateIQ challenges ICO jurisdiction

GDR can reveal that AggregateIQ, the target of the UK’s first known enforcement decision under its GDPR framework, claims that the Information Commissioner's Office lacks jurisdiction over the Canadian company and is unlawfully trying to retroactively apply its new powers.

01 October 2018

UK health insurer fined over security failures

The UK Information Commissioner’s Office has fined healthcare insurer Bupa £175,000 for failing to have effective security measures in place to protect customers’ personal information.

28 September 2018

Pressure mounts on Canada to extend privacy rules to political parties

A Canadian privacy commissioner has found that it has no jurisdiction to enforce privacy rules on a provincial political party, just days after federal and state privacy commissioners called on the government to introduce legislation to cover data handling by political parties.

26 September 2018

Get unlimited access to all Global Data Review content