Get the Guru Newsletter

Category Thought Leadership

Implications for data privacy in the UK in the wake of a deal or ‘no deal’ Brexit

May 29, 2020, Categories  Council of Ministers, data protection, EU General Data Protection Regulation, European Commission, European Data Protection Supervisor, News, Thought Leadership Comments No comments

Having left the European Union (EU) on 31 January 2020, the UK is currently in a Brexit transition period that runs out on 31 December 2020. Whilst the other 27 Member States of the EU have been grappling with containing the Covid-19 pandemic, you could be forgiven for thinking these countries as well as the UK have taken their eyes off the ball when it comes to striking a Brexit deal.

If you think that to be the case, think again.

If the UK wants an extension, it will need to ask for this by 30 June 2020 and the European Commission has already indicated that in the circumstances this would be granted...

Read More

Power-list of influences in the data privacy landscape

May 30, 2018, Categories  News, Thought Leadership Comments No comments

Read More

Facebook/Cambridge Analytica data breach offers an objective lesson in why companies should be wary of encouraging users to share contact information

May 30, 2018, Categories  News, Thought Leadership Comments No comments

Does your company have consumer data it isn’t legally authorized to possess?

Don’t be too quick to answer. Many ethical, lawfully managed businesses do have such data — and it comes from a surprising source: their customers, who inadvertently share the personal data of their family, friends, and colleagues.

The lack of awareness regarding peer-dependent privacy is one way that London-based Cambridge Analytica Ltd. was able to collect the personal information of more than 71 million Facebook users, even though only 270,000 of them agreed to take the now-bankrupt company’s app-based personality quiz. Cambridge Analytica reportedly knew what it was doing, but any compa...

Read More

US companies are behind the curve on understanding how GDPR impacts their businesses

May 12, 2018, Categories  EU General Data Protection Regulation, European Commission, European Parliament, GDPR Handbook, Legal update, News, Thought Leadership Comments No comments

There’s an eerie lack of awareness about the impact of the GDPR on US businesses that target consumers in the European Union. According to recent research by the IAPP, complexity of laws, inadequate budget and too little time combined with the lack of qualified and trained staff have conspired to perpetuate this lack of readiness by US companies.

Here in Europe, many companies and organisations have been bracing themselves for the biggest shake-up in data protection, privacy and security for over two decades that’s fully effective from 25 May 2018 – in 13 days’ time.

I’ve been in conversations with senior US-executives who’ve boldly told me that the “GDPR doesn’t apply to ...

Read More

Dot Gone! The end of the road for Whois

May 2, 2018, Categories  EU General Data Protection Regulation, News, Thought Leadership Comments No comments

It’s the end of the road – and the end of an era – for the Whois service as its US-based parent ICANN fails to find a solution to continue the service that isn’t a breach of the General Data Protection Regulation (GDPR).

According to its Wikipedia entry, Whois is a ‘query and response protocol that’s widely used for querying databases that store the registered users or assignees of anInternet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.’

The Whois system publishes the name, address and tele...

Read More

Creepy or Cool?

April 28, 2018, Categories  EU General Data Protection Regulation, Henley Business School, News, Thought Leadership Comments No comments

When it comes down to deciding whether to process personal data under consent or legitimate interests – try thinking to yourself if you were the data subject (customer, client, supporter or employee) would you find it creepy or cool? If it’s creepy – it’s not the right thing to do. And you don’t need a lawyer to tell you that. I delivered this presentation at the recent IAPP Data Protection Intensive 2018 in London.

Read More

‘Surveillance Capitalism’ – will it survive post-GDPR?

April 28, 2018, Categories  EU General Data Protection Regulation, GDPR Handbook, Henley Business School, Legal update, News, Thought Leadership Comments No comments

Facebook and Cambridge Analytica now face a series of class actions for ‘surveillance capitalism’ in the US – will this open the floodgates for similar legal actions across the world?

Class Action Complaint Case No. 18-cv-02276 has been brought by Patricia King (Plaintiff) in the US District Court for the Northern District of California and has asked for trial by jury.

The class action reads as follows:

1. Facebook is a social networking platform that engages in surveillance capitalism: It monetizes personal and behavioral data which it acquires through real-time surveillance of Facebook users...

Read More

GDPR by Royal Appointment

April 28, 2018, Categories  EU General Data Protection Regulation, European Commission, Guru in a Bottle, Henley Business School, News, Thought Leadership Comments No comments

Read More

The joys of data hygiene

April 7, 2018, Categories  EU General Data Protection Regulation, European Commission, GDPR Handbook, Henley Business School, News, Thought Leadership Comments No comments

Unfortunately, the article in the current edition of my favourite business newspaper The Economist in explaining the GDPR was riddled with errors. Tut tut!

Here’s an example: “Data Subjects can demand a copy of the data held on them (data portability) …” which as we all know is a subject access request (SAR) and isn’t an absolute right under the GDPR.

Another error in the article on GDPR is the bold assertion: “The GDPR is prescriptive about what organisations have to do to comply.”

Er, no it isn’t. Few bits go into detail, like the requirements for a data protection impact assessment (Art.35, GDPR) or a subject access request (Art. 15, GDPR).

The GDPR is a deliberate mo...

Read More

Lack of transparency with Facebook and other social media sites will be forced to come to an end as a result of GDPR

April 7, 2018, Categories  EU General Data Protection Regulation, European Commission, Guru in a Bottle, Henley Business School, Legal update, News, Social marketing practice, Thought Leadership Comments No comments

The Economist reports today (7 April 2018) that there’s been a bit of wake up call for Facebook and all other social media giants as a result of the furore over the mis-use of personal data. Mark Zuckerberg is openly admitting that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.

As a result of a data breach on a scale not seen since Yahoo!, Americans are looking enviously at Europe where data protection, privacy and security laws protecting the individual are now the global ‘gold standard’ as a result of the GDPR that’s fully enforceable from 25 May – just 34 working days fr...

Read More