Reporting on developments in data, privacy and cyber occurring throughout September 2023, the DACB Data, Cyber and Privacy newsletter has analysis on the biggest development of the last month: the conclusion of the Parliamentary progression of the Online Safety Bill. We have set out our analysis of the final version of the Bill, and what it means for those organisations affected.
We also provide an update on the recent adequacy regulations establishing a data bridge with the United States through the UK Extension to the EU-US Data Privacy Framework, along with a review of the nascent challenges to the Data Privacy Framework in the EU.
We have commentary on the implications of the signing of a Memorandum of Understanding between the ICO and National Cyber Security Centre (NCSC) and consider a recent Which? report on the data collection practices of internet-connected smart devices.
Finally, we consider recent communications from the FCA heralding the growth of the global cyber market but also raising concerns about the suitability of policy wordings.
Also in brief for September:
- The National Crime Agency and NCSC issued a white paper considering the impact and business models of ransomware and extortion attacks.
- The Information Commissioner issued an advisory notice calling for an immediate end to the use of original source Excel spreadsheets when responding publicly to Freedom of Information Act (FOI) requests.
- The ICO issued a warning to organisations to handle personal information properly to avoid putting victims of domestic abuse at risk of further danger, following the issue of 7 reprimands relating to this issue in the last 15 months.
- Following our review of the dispute between Meta and the Norwegian Data Protection Authority, there was confirmation of the failure of Meta's challenge and subsequent steps by the Norwegian DPA referring the ongoing fine to the European Data Protection Board.
The UK's Online Safety Bill over the Parliamentary line: what you need to know
Having completed its parliamentary journey, the Online Safety Bill now awaits Royal Assent. We analyse the next steps that will be undertaken once the Bill becomes an Act, considering those aspects which will take effect immediately, and elements subject to secondary legislation in the future.
The UK-US Data Bridge and the implications for transatlantic data transfers
Regulations have been laid before the UK Parliament establishing a data bridge with the United States through the UK extension to the EU-US Data Privacy Framework. Taking effect from 12th October, we assess whether this step will finally simplify transatlantic transfers for UK businesses.
Legal challenges to the EU-US Data Privacy Framework underway
We consider the ongoing and expected challenges to the EU-US Data Privacy Framework, as a French MEP leads the way by seeking an immediate annulment of the adequacy decision and amendments to the existing text.
ICO and NCSC Memorandum of Understanding: the practical implications for corporate victims of cyber-attacks
Following the agreement of the MoU between the ICO and NCSC, we highlight relevant points of interest to organisations that have experienced a cyber-attack, including reporting incentives, benchmarking for appropriate cyber security and information sharing.
In the Spotlight: Processing Children's Personal Data in Ireland and beyond
We review the principles for processing children's personal data in Ireland and beyond, considering examples where organisations have fallen foul of these fundamentals, and the ongoing focus of protecting this type of data.
Smart devices and a legitimate interest in personal data
We consider the implications of a recent report from the consumer organisation Which? on the data collection practices of internet-connected smart devices.
FCA heralds growth in cyber but raises concerns
In a letter to insurers on the FCA's priorities for 2023-2025, the Director of Insurance has highlighted concerns about the growing cyber market, specifically the risk of policy wordings inadequate for customers' needs and the relevant expertise at board level to understand the risk of cyber insurance underwriting.