Privacy & Data Snapshot: Autumn Edition

Monday 24th October 2022

Welcome to the first edition of our quarterly privacy and data protection roundup, which gives you a high-level summary of current issues and news in relation to privacy and data protection… 

New Contractual Requirements for International Transfers

The UK’s International Data Transfer Agreement (IDTA) and the Addendum to the EU Standard Contractual Clauses, which were introduced in March, must be used in new contracts from September 21, 2022, where personal data is transferred from the UK to a ‘restricted territory’.

These documents replace the legacy EU Standard Contractual Clauses and are to be used as an ‘adequate safeguard’ to transfer personal data from the UK. For more information about the new documents and when they should be used, click here.

gordons llp UK data protection and digital information bill

UK Data Protection and Digital Information Bill – Can We Really Overhaul the GDPR?

The second reading of the UK’s Data Protection and Digital Information Bill is expected to take place in the next few months. The UK sees itself as a world leader in driving innovation and wants to remove ‘red tape’ imposed by the legacy EU GDPR.

Whilst many organisations welcome less onerous data protection obligations (such as removing the requirement for a DPO or record of processing activities), we have explored some of the key issues with overhauling our data protection framework and what that may mean for UK businesses here.

Instagram Fined €405million by Irish DPC

Big tech and social media companies have come under the spotlight recently, including Instagram, owned by Meta, being fined €405 million (£349 million) by Ireland’s privacy regulator, the second largest fine we’ve seen under GDPR, for allowing 13 to 17-year-old users’ contact details be displayed on the app by default.

Whilst it feels like large regulatory fines are aimed at big tech, child personal data is given special protection under data protection laws and organisations should be mindful of privacy concerns when offering goods/services to those under 18.

Click here for an overview of the key considerations to have in mind when processing child personal data.

Cookies Crumbling: The Future of Third-Party Cookies

Third-party cookies are used by advertisers to track and view a website visitor’s browsing history so that they can tailor their products or services and personalise the user experience. In recent years there has been growing concern as to whether users are making an informed choice where extensive and far-reaching types of tracks are taking place through the use of third-party cookies.

With Google looking to join big players in tech in moving away from third-party cookies, what’s next for online advertising? We have explored some of the key issues here.

Dark Patterns: Legal Issues with User-Interface Designs

The term ‘Dark Patterns’ describes user interface design features which aim to convince a user into making a particular decision, whilst benefitting the business in question. For example, a cookie consent mechanism with a large and coloured ‘accept’ button, but a greyed-out ‘reject’ button which is almost illegible.

Some dark patterns call into question valid consent under data protection laws but also risk breaching consumer laws for failing to meet transparency and fairness requirements.

For more information about the legal points to consider when looking at user interface designs, click here.

ICO Enforcement Trends: Breaches of Direct Marketing Rules

The Information Commissioner’s Office has picked up the pace of enforcement action in 2022. Not surprisingly, most of the action it has taken relates to breaches of direct marketing rules under the Privacy and Electronic Communications Regulations 2003 (nuisance marketing/marketing without a lawful basis). Linked to this is the misapplication of the ‘soft-opt in’ exemption which, if applied correctly, allows businesses to market to existing customers without express consent.

To view a summary of some of the key recent ICO enforcement actions, click here.

If you have any questions or would like to discuss your business’ privacy and data protection compliance, feel free to email one of our experts today.