
GDPR and the new Data Protection Bill – A fine reputation!

Referring to the GDPR (see previous post), the Information Commissioner says, “This law is not about fines” but goes on to point out that: “It’s true we’ll have the power to impose fines much bigger than the £500,000 limit the DPA allows us.  It’s also true that companies are fearful of the maximum £17 million or 4% of turnover allowed under the new law.”

She then says: “it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm… the GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders.  While these will not hit organisations in the pocket – their reputations will suffer a significant blow…  And you can’t insure against that.”

You might think that’s just a different kind of scaremongering!

If you would like a short (4 page) briefing document setting out what SMEs need to be doing right now, please drop an email to karen.mason@novalex.co.uk. If you would like to attend a practical seminar in Milton Keynes on what the changes are and how to implement them, please sign up using this link:

https://www.eventbrite.co.uk/e/gdpr-a-new-era-in-data-protection-tickets-37869021262

GDPR and the new Data Protection Bill

Described by the Information Commissioner as “the biggest change to data protection law for a generation”, the General Data Protection Regulation (GDPR) attempts to bring data protection into the age of “big data”. It comes into force across the whole of Europe (including the UK) on 25th May 2018, which means that, if you process personal data, you don’t have long to get your data, systems and policies up to date and compliant.

In addition, the Data Protection Bill, which will replace the Data Protection Act 1998, had its first reading in the House of Lords on 13 September 2017. It is liable to change during the parliamentary process but is intended to provide “a comprehensive and modern framework for data protection in the UK, with stronger sanctions for malpractice”.


European Commission communication on online platforms

The European Commission has published a communication on online platforms and the digital single market. The communication outlines a targeted, principles-based approach to fix problems flagged by respondents to the Commission’s September 2015 consultation on online platforms.

The key principles the Commission has applied are to:

  • create a level playing field so that comparable digital services are subject to the same or similar rules;
  • ensure that online platforms act responsibly;
  • foster transparency and fairness to maintain user trust and safeguard innovation; and
  • keep markets open and non-discriminatory.

The Commission is encouraging online platforms to undertake coordinated EU-wide self-regulatory efforts to curtail exposure to illegal and harmful content. The Commission says that it will consider whether to provide guidance for online platforms on their liability when putting in place voluntary, good-faith measures to fight illegal content online, since some online platforms had expressed concern about how the exemptions in the E-Commerce Directive would apply in such cases.

Other actions include taking steps to ensure that online ratings and reviews are trustworthy and that online platforms do not mislead consumers. In this regard, the Commission has published a revised Consumer Protection Cooperation Regulation and revised guidance on the Unfair Commercial Practices Directive.

European Commission proposes new e-commerce rules

On 25 May 2016, the European Commission tabled a package of measures to allow consumers and companies to buy and sell products and services online more easily and confidently across the EU.

The Commission has presented a three-pronged plan to boost e-commerce by tackling geoblocking, making cross-border parcel delivery more affordable and efficient and promoting customer trust through better protection and enforcement.

For geoblocking, the Commission is proposing legislation to ensure that consumers seeking to buy products and services in another EU country, be it online or in person, are not discriminated against in terms of access to prices, sales or payment conditions, unless this is objectively justified for reasons such as VAT.

For cross-border parcel delivery, the Commission is proposing a Regulation which will increase price transparency and regulatory oversight of cross-border parcel delivery services so that consumers and retailers can benefit from affordable deliveries and convenient return options even to and from peripheral regions.

The Commission is also proposing a revision of the Consumer Protection Cooperation Regulation, which will give more powers to national authorities to better enforce consumer rights.

New EU-US data transfer arrangement

The European Commission and the US have reached political agreement on a new framework for transatlantic data flows: the EU-US Privacy Shield.

The Commission says that the new arrangement will place stronger obligations on US companies handling EU citizens’ personal data and includes robust enforcement measures, including increased cooperation with European Data Protection Authorities (DPAs). It will also contain limitations, safeguards and oversight mechanisms on US government agencies’ access to EU citizens’ personal data and the US has ruled out indiscriminate mass surveillance.

The European Commission says that the new arrangement reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid because US government surveillance threatens EU citizens’ privacy and they have no judicial redress.