Welcome to the May edition of our Data And Cyber Bulletin.Welcome to May’s edition of the Data and Cyber Bulletin, with fascinating content covering the recent fine imposed by the ICO on Clearview AI along with a review of the recently announced Data Reform and Cybersecurity of Smart Technologies Bills.
We also provide insight into the EDPB guidelines on the calculation of fines under the GDPR, and the Austrian DPA’s decision regarding the legality of Google Analytics, following a complaint by noyb.
Finally, we are delighted to share a feature article on cyber incidents and how to manage the employee fallout. We hope you enjoy this month’s newsletter. Please do contact the authors of this month’s newsletter content if you have any questions.
Facial recognition: Clearview AI fined more than £7.5m by the ICO
We consider the ICO’s recent fine against Clearview AI for using images of people in the UK that were collected from the internet and social media to create a global database to be used for facial recognition.
Queen's Speech 2022 - Data Reform Bill
We summarise the salient points of the Data Reform Bill which was announced earlier this month in the Queen’s Speech, and which is likely to result in the reform or repeal of the Data Protection Act 2018 and the UK GDPR.
Cybersecurity of Smart Technologies – New Product Security and Telecommunications Infrastructure Bill
Following the Queen’s Speech delivered on 10 May 2022 the Government announced the Product Security and Telecommunications Infrastructure Bill. This article looks at how The Product Security Bill is a key development in the Government’s ongoing commitment to improving cybersecurity in a diverse range of smart-products.
EDPB adopts guidelines on the calculation of fines under the GDPR
We provide a summary of the Product Security and Telecommunications Infrastructure Bill which was announced earlier this month in the Queen’s Speech, which seeks to improve cybersecurity in a diverse range of smart products.
Schrems II releated enforcement actions continue to rise: Google’s “risk-based approach” for data transfers violates GDPR
We provide insight into the recent Austrian DPA’s second decision regarding the legality of Google Analytics following a complaint by nyob.
PLC Feature: Cyber Incidents - Managing the employee fallout
This article looks at the key practical and legal considerations for employers in their capacity as data controllers when:
(i) preparing for a cyber incident;
(ii) managing the initial incident response phase;
(iii) dealing with the longer term fallout from a cyber incident; and
(iv) considering what forms of redress employees might seek.
This article first appeared in the May 2022 issue of PLC Magazine (http://uk.practicallaw.com/resources/uk-publications/plc-magazine)
We hope you enjoy this month’s newsletter. Please do contact the authors of this month’s newsletter content if you have any questions.
