A round-up of other techlaw news from the past week not covered separately on the site
ICO publishes statement on Kings Cross facial recognition and launches investigation
Elizabeth Denham, Information Commissioner, has issued a statement on the use of live facial recognition technology in King's Cross. She says: “Scanning people’s faces as they lawfully go about their daily lives...to identify them, is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding”. She is concerned about the growing use of facial recognition technology in public spaces, not only by law enforcement agencies but also increasingly by the private sector. The ICO and the judiciary are both independently considering the legal issues and whether the current framework has kept pace with emerging technologies and people’s expectations about how their most sensitive personal data is used.
International Standard on privacy information management published by ISO
The International Standards Organization has published a new standard on privacy information management. It says that cybersecurity is a growing concern, with attacks against business almost doubling over the last few years and becoming an increasingly significant threat to global stability. According to IBM, the average cost of a data breach is US$3.6 million. Laws and regulations are rapidly being put in place to reduce these risks and protect digital privacy. The new standard aims to help organisations keep on top of these requirements and protect themselves at the same time. The new standard specifies the requirements for establishing, implementing, maintaining and continually improving a privacy-specific information security management system. It is a management system for protecting personal information and builds on a previous standard for information technology security techniques.
UK government issues guidance on geo-blocking if there is a no deal Brexit
The UK government has issued guidance on geo-blocking if there is a no deal Brexit. It covers how restricting access to online content (geo-blocking) between the UK and EU will be regulated. Businesses do not need to take any action to prepare for changes to geo-blocking rules. Traders from the UK, EU and other non-EU countries will no longer be obliged to comply with the Geo-blocking Regulation 2018/302 for customers based in the UK. This means a trader can redirect UK and EU customers to different versions of a website, offer different terms of access to EU customers compared to UK customers, and will be less restricted in choosing which payment methods they accept. Traders who are already complying with the Regulation before Brexit will not need to take any additional steps to continue complying afterwards. UK traders who wish to continue selling goods and services into the EU will continue to be bound by the provisions of the Regulation when dealing with customers in different EU countries.
ICO issues guidance on data protection for town and parish councils
The ICO has launched some bite-sized resources which address the top three GDPR compliance challenges that it has identified for local councils. The first is own devices – holding personal data on personal laptops or mobile phones and the use of non-council email addresses by councillors instead of the council system. The second is data audits - retention of information ‘just in case’ it could be useful does not mean that it is necessary or proportionate to hold on to it. Councils could benefit by giving their records a good spring clean, deleting or destroying old data sets that have built up over time. Parish councils often do not have formal handover processes in place to ensure clerks who are moving on hand over relevant data to the new clerk and delete or destroy the rest. The final issue is data sharing – councils struggle with knowing how to share data appropriately with services such as leisure centres. They worry about potential conflicts between different pieces of legislation and are not sure whether to publish residents’ names in council minutes, or how to redact them. The ICO’s new guidance aims to address these concerns.