Category: UK

UK Information Commissioner gives opinion on EU-U.S. Privacy Shield

25. April 2016

The UK Information Commissioner, Christopher Graham, issued his opinion on the EU-U.S. Privacy Shield last week. He criticized the reluctance of the U.S. authorities to make amendments to the agreement. On 13 April, the Article 29 Working Party also called on American negotiators to clarify some aspects of the Privacy Shield, such as data transfers, the institution of the ombudsman or the justification for the collection of personal data. Graham remarked that the ECJ will also ask for clarification regarding these points and invited both American and European authorities to provide the required clarification.

For his part, Stefan Selig, U.S. undersecretary of commerce for international trade, affirmed that the opinion issued by the EU Data Protection Authorities will be reviewed carefully. However, he believes that the current draft of the EU-U.S. Privacy Shield achieves a balance of interests for both parties.

Graham also stressed the importance of reaching an agreement regarding international data transfers, so that the English DPA (ICO) can focus on providing support to organizations regarding the implementation of the GDPR, which will take effect in the first half of 2018.

UK’s Information Commissioner demands prison penalties for serious data offences

22. July 2013

Information Commissioner Christopher Graham said that people who misuse personal information should face tougher penalties, including the threat of prison in the most serious cases.

The Information Commissioner referred to a case in which a former manager of a health service based at a council-run leisure centre was prosecuted by the Information Commissioner’s Office for unlawfully obtaining sensitive medical information belonging to more than 2,000 people. The manager used the information, which he had sent to his personal email account, to approach patients to advertise a similar service he had set up.

The manager was prosecuted under section 55 of the Data Protection Act and fined £3,000. He was also ordered to pay a £15 victim surcharge and £1,376.50 prosecution costs.

Mr. Graham issued the following statement:

“Nobody expects that their health records will be taken and used in this way. The manager [name removed] had been told about the need to keep patients’ details confidential, but he decided to break the law to benefit his new business. At very least, behaviour of this kind should be recognised as a ‘recordable offence’ which it isn’t now. For the most serious cases the current ‘fine only’ regime will not deter and other options including the threat of prison should be available. The necessary legislation for this is already on the statute book but needs to be activated. The government must ensure that criminals do not see committing data theft as a victimless crime and worth the risk.”


UK Ministry of Justice clarifies Negotiating Position on proposed EU Data Protection Regulation

4. July 2012

According to a report by huntonprivacyblog.com, the UK Ministry of Justice outlined its negotiating position on the basis of a previously started Call for Evidence. The Call for Evidence gave a perspective and feedback on the impact of the proposed EU Data Protection Regulation on business and individuals.

The results led the Ministry of Justice to a position in which it reassured organizations that it would negotiate against regulations that would overburden business and for a legislative framework that supports economic growth and innovation. The Ministry also stressed that people’s personal data must be protected at the same time.

From the Ministry's perspective, the following issues need to be negotiated:

  • Right to be forgotten: It should be overhauled to clarify its scope and cost implications;
  • Bureaucratic and costly burdens on organizations: The Ministry will resist them if no greater protection for individuals is foreseeable. In particular, mandatory data protection impact assessments, prior authorization from supervisory authorities and mandatory data protection officers were mentioned as such burdens without benefit for individuals;
  • Data Breach Notification: These provisions will be supported provided they reflect the timescales needed to properly investigate a breach and set sensible and proportionate thresholds;
  • Penalties for Data Breaches: These administrative penalties will be supported with the objective of a more proportionate level of maximum fines;
  • Powers for the European Commission: The Ministry will push for the removal of many of the powers, especially where there is scope for the European Commission to substantially alter fundamental requirements.
