PL&B UK, Issue 99
September 2018


Lead story:
Jersey to stay in the European mainstream

By Dr Jay Fedorak, Information Commissioner, Data Protection Authority, Jersey.


Subscribe




Issue price: £85 + VAT

Also includes:

  • Are post-GDPR DP issues really new?
  • Q&A with Dr Jay Fedorak, Information Commissioner, Jersey
  • Brexit update: Data transfer issues remain unclear
  • ICO promotes using certification and codes of conduct
  • Data breach notifications surge
  • GDPR and data protection harms
  • Key contractual terms when appointing an external DPO
  • Cyber attack puts charity trustees’ duties under the spotlight
  • The work stream behind the Data Protection Officer of the Year Award
  • Managing data in a digital world
  • Isle of Man modernises law to follow the GDPR
  • House of Lords ponders Internet regulation
  • ICO calls for views on children’s data
  • DP Forum considers merger with NADPO
  • Facebook could be the subject of the first UK collective action DP cases
  • ICO seeks views on ‘Regulatory Sandbox’
  • Law firms eye collective action against BA

 

Publisher's Cover Note

Visiting Jersey last week, we found new Commissioner, Dr Jay Fedorak (p.1), optimistic about the way that Jersey’s new law is ensuring that this small but important jurisdiction for financial services, is making a good case for EU adequacy. His answers to our questions (p.4) provides the evidence to show how this case extends beyond the letter of the law to the resources that its government is deploying to make the new law work effectively from the perspective of a future adequacy assessment by the European Commission.

Brexit

The UK government is pressing forward preparing for a Brexit from the EU from the end of March next year (p.10).  A government paper, published yesterday, 13 September, has the title “How the collection and use of personal data would change if the UK leaves the EU in March 2019 with no deal”. The Department of Digital, Culture, Media and Sport recognises the threat of a no-deal and recommends that organisations resort to using standard contractual clauses in that situation. However, the paper has little or no new information for PL&B UK Report subscribers.

Elizabeth Denham, in her evidence to the House of Lords Communications Committee on 11 September (p.9) showed her well prepared for Brexit and confident of the UK’s position whatever the outcome. She said that the ICO can demonstrate international leadership and has led on 40% of all the Art. 29 DP WP and now the European Data Protection Board guidelines to interpret the GDPR. The ICO is a leader of the Commonwealth’s Common Thread, is a leader of the 50+ member Global Privacy Enforcement Network, and works closely with the US Federal Trade Commission. She stated: “We are globally connected. This work needs to continue after we exit the EU. We are the largest DPA in the world and we are leading an investigation into political campaigning and data analytics – the world is watching this investigation.”

Codes of Conduct and Certification

Regarding Codes of Conduct, she declared “The beauty of the GDPR is that it provides for codes of conduct and certification and co-regulation in specific areas of practice….Hardly anyone is reading terms and conditions. The GDPR gives us the ability to introduce certification and kite marks. People need a symbol to identify what is safe and what is not, almost a traffic light system.”

PL&B is building on the Data Protection community’s understanding, and potential use of, certification and codes of conduct by running a GDPR Help! Roundtable on 28th November - Helen Moores, the ICO’s lead on this subject, will explain its work and take your questions and suggestions on how you can contribute to, and benefit from, this work.

Regards,

Stewart Dresner
Publisher