ICYMI June/July 2018

June 16, 2018

Data Protection Act 2018

The Act received Royal Assent on 23 May and most of
the Act was brought into force on GDPR-day.

The SCL website has a brief account of the Act and
a full run-down of the commencement dates arising from s 212 of the Act and the Data Protection Act
2018 (Commencement No. 1 and Transitional and Saving Provisions) Regulations
(SI 2018 No 625).

Law Commission Consultation on Search Warrants
in an Electronic Age

The Law Commission is to consult on proposals for
modernising the law on search warrants and has highlighted key issues
concerning electronic information. The consultation period ends on 5 September.

DCMS Consultation on Nuisance Calls and
Messages and Action against Directors

The Department for Digital, Culture, Media and
Sport has commenced a consultation on taking action against directors that
breach electronic marketing regulations. The DCMS describes the consultation
and its purpose as follows:

The Government has been clear that there is no
place for nuisance calls or texts in society, and are committed to addressing
this problem. This consultation seeks views on the current arrangements for
holding individual directors to account, including the option to amend the
Privacy and Electronic Communications Regulations to give the Information
Commissioner’s Office increased powers to impose fines of up to £500,000 on
those who breach the Regulations.

The consultation closes on 21 August.

EDPB Statement on the Revision of the ePrivacy

The newly created European Data Protection Board
has reviewed the draft ePrivacy Regulation and ‘has decided to offer further
advice and clarifications on some specific issues raised by the proposed
amendments’. The EDPB’s conclusions include:

The ePrivacy Regulation should not lower the
level of protection offered by the current ePrivacy Directive.

The ePrivacy Regulation should provide
protection for all types of electronic communications, including those carried
out by ‘Over–the-Top’ services, in a technology neutral way.

User consent should be obtained systematically
in a technically viable and enforceable manner before processing electronic
communications data or before using the storage or processing capabilities of a
user’s terminal equipment. There should be no exceptions to process this data
based on the ‘legitimate interest’ of the data controller, or on the general
purpose of the performance of a contract.

Article 10 should provide an effective way to
obtain consent for websites and mobile applications. Settings should preserve
the privacy of the users by default, and they should be guided to choose a
setting, on receipt of relevant and transparent information. The Regulation
should remain technology neutral to ensure that its application remains
consistent whatever the use cases.

The highest level of scrutiny should be applied
for any ad hoc exceptions that the legislators may wish to consider adding   any
broadly-framed exceptions for cases where ‘a public authority’ requests
processing of data should be carefully scrutinised.

In order for consent to be freely given, access
to services and functionalities must not be made conditional on the consent of
a user to the processing of personal data or the processing of information
related to or processed by the terminal equipment of end-users, meaning that
cookie walls should be explicitly prohibited.

The use of genuinely anonymised electronic
communication data should be encouraged.

Internet Safety Strategy Green Paper: DCMS
consultation response published

The Department for Culture Media & Sport has
published its response to a consultation on internet safety carried out between
October and December 2017. The response paper sets out the results of an online
survey (completed by just under 400 respondents) and summarises discussions
with some of the principal social media businesses. 

The result of the exercise is that a White Paper
will be published by the end of the year which will:

‘set out plans for upcoming legislation that will
cover the full range of online harms, including both harmful and illegal

Privacy by Design

The ICO has published expanded guidance on data
protection by design and default and new detailed guidance on automated
decision-making and profiling and the European Data Protection Supervisor has
published a preliminary opinion on the topic.