Monthly Archives April 2018

Creepy or Cool?

When it comes down to deciding whether to process personal data under consent or legitimate interests – try thinking to yourself if you were the data subject (customer, client, supporter or employee) would you find it creepy or cool? If it’s creepy – it’s not the right thing to do. And you don’t need a lawyer to tell you that. I delivered this presentation at the recent IAPP Data Protection Intensive 2018 in London.

Read More

Speaking at the CIPD Learning & Development Conference 2018

Great to see so many people at the excellent CIPD Learning & Development Conference 2018 at Olympia, London on Thursday 26 April 2018. I managed to catch up with my colleagues at the Henley Business School stand as well as bump into my publisher Helen Kogan, CEO, Kogan Page!  I delivered a presentation about GDPR and HR – busy times!

Read More

‘Surveillance Capitalism’ – will it survive post-GDPR?

Facebook and Cambridge Analytica now face a series of class actions for ‘surveillance capitalism’ in the US – will this open the floodgates for similar legal actions across the world?

Class Action Complaint Case No. 18-cv-02276 has been brought by Patricia King (Plaintiff) in the US District Court for the Northern District of California and has asked for trial by jury.

The class action reads as follows:

1. Facebook is a social networking platform that engages in surveillance capitalism: It monetizes personal and behavioral data which it acquires through real-time surveillance of Facebook users. (see Shoshana Zuboff, Big Other: Surveillance Capitalism and the Prospects of an Information Civilization, 30 J. Info. Tech. 75 (Apr. 4, 2015), available at http://ssrn.com/abstract=2594754).

2...

Read More

GDPR by Royal Appointment

Read More

The joys of data hygiene

Unfortunately, the article in the current edition of my favourite business newspaper The Economist in explaining the GDPR was riddled with errors. Tut tut!

Here’s an example: “Data Subjects can demand a copy of the data held on them (data portability) …” which as we all know is a subject access request (SAR) and isn’t an absolute right under the GDPR.

Another error in the article on GDPR is the bold assertion: “The GDPR is prescriptive about what organisations have to do to comply.”

Er, no it isn’t. Few bits go into detail, like the requirements for a data protection impact assessment (Art.35, GDPR) or a subject access request (Art. 15, GDPR).

The GDPR is a deliberate move away from a ‘tick-box’ approach of the Data Protection Directive 95/46/EC that it replaces and moves to a risk-ba...

Read More

Lack of transparency with Facebook and other social media sites will be forced to come to an end as a result of GDPR

The Economist reports today (7 April 2018) that there’s been a bit of wake up call for Facebook and all other social media giants as a result of the furore over the mis-use of personal data. Mark Zuckerberg is openly admitting that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.

As a result of a data breach on a scale not seen since Yahoo!, Americans are looking enviously at Europe where data protection, privacy and security laws protecting the individual are now the global ‘gold standard’ as a result of the GDPR that’s fully enforceable from 25 May – just 34 working days from today.

Rights over personal data are enshrined in the EU’s Charter of Fundamental Rights and EU citizens now have...

Read More

Follow the leader. Why the US needs to learn the lessons of data protection from Europe

Read More