The draft Investigatory Powers Bill was published by the UK Government on 4 November 2015. The provisions are intended to supplement or replace existing laws relating to interception of, access to and retention of communications and associated data.
There have been a host of changes to consumer law in England and Wales over the past couple of years, and it has been time-consuming (!) getting my head around them. I wanted to share a summary of key requirements and the applicable legislation, highlighting what has changed (and what has not).
October was a busy month for data protection, including a major ruling from the EU Court of Justice affecting the lawfulness of transferring personal data out of the EU; £330,000 worth of monetary penalties imposed on UK companies for misusing customer data, and a multitude of high-profile data security breaches.
On 6 October 2015, the Court of Justice of the European Union (CJEU) ruled that the EU Commission’s Safe Harbour Decision (2000/520/EC) is invalid. This means that EU organisations who transfer personal data to the US can no longer rely on the fact that the recipient is listed on the US Safe Harbour register to guarantee that they have overcome legal restrictions on such transfers.
On 2 July 2014, the ICO launched its annual report, containing details of its activities and financial statements between April 2014 and March 2015.
Question 1: Can a business review the social media accounts of its staff or customers and re-use information which it finds?
Question 2: Can an employer make employment decisions based on an employee’s activities on social media?
Information shared by others over social media such as Facebook, LinkedIn and Twitter can be useful to a business. It may help you decide whether to recruit employees or how to market to or engage with customers; you can then keep up to date with what they are doing to assist in managing your relationship; further analysis can assist you to improve your services and build up data assets.
However, legal requirements must be addressed in undertaking these types of investigative activities. This article seeks to answer the above questions in consideration of data protection and human rights laws, and additional concerns within the employment context.
“Please tick here to confirm you have read and agree to our privacy policy”
This is a phrase we see a lot when registering on websites, filling in forms, installing software and logging into apps. But how many of us can honestly say we always click through to the privacy policy and read the terms? Do we all need a lawyer on hand to help us to understand the complex provisions? Should an organisation be able to do whatever is written in its policy merely because we had the opportunity to read it and were forced to accept it? This article answers these questions and discusses some recent developments in relation to privacy notices.
Picture the scene: it is 1993 and the forward-thinking Telecommunications Manager at Big Industry Ltd has decided that e-mail communication (never before used at Big Industry) will be good for business. A provider is selected and is sent the company’s standard terms. It soon becomes clear to the provider that he has been presented with a contract for fax machine maintenance. This article looks at the frequent disconnect between the terms of technology contracts and the services which are actually being provided, and how to avoid these inappropriate terms.
Read Olivia’s article: “Technology contracts: creative relationship require creative agreements”, published by SCL: www.scl.org
Related Articles: