The General Data Protection Regulation (GDPR) will automatically come into force across the EU on 25 May 2018. As the deadline fast approaches, Member States are busy progressing their draft implementing legislation. Article 23 of the GDPR provides Member States with discretion over how certain provisions will apply. These proposed derogations to the GDPR have been a focus point for many commentators on the draft national legislation.
Continue Reading UK Government sets out proposed derogations under GDPR
European Commission opens public consultation on EU Consumer Law
The European Commission (EC) has opened an online public consultation on the targeted revision of EU consumer law (the Consultation). The Consultation follows the EC’s publication of the results of its Fitness Check on consumer and marketing law and of the evaluation of the Consumer Rights Directive (Directive 2011/83/EU) (the CRD).
Continue Reading European Commission opens public consultation on EU Consumer Law
ICO rules Virgin’s CCTV images of Jeremy Corbyn didn’t break data protection law
The UK Information Commissioner’s Office (the ICO) has ruled that Virgin Trains East Coast (Virgin) did not break data protection law when it published CCTV images of the UK’s Labour party leader, Jeremy Corbyn. Virgin released the footage last year following Mr Corbyn’s comments that a Virgin train he was travelling on
Child’s Play: The Office of the Data Protection Commissioner releases Guidance Note on Connected Toys
The Office of the Data Protection Commissioner (the ODPC) has released a guidance note on connected toys (the Guidance Note). The Guidance Note highlights the possible data protection issues that might occur when children and parents use toys with microphones and cameras that have an ability to connect to the internet.
The ODPC warns of certain potential issues with the personification of connected toys, in particular dolls. Some of these toys provide an interactive experience by reacting to selected words. This may give the impression of an emotional response to what the child says or does. In some instances, these toys are enabled to collect and record these “conversations” between the child and the connected toy on apps, smartphones or tablets. The ODPC cautions that some of these connected toys’ terms and conditions allow these potentially sensitive recordings to be shared with other companies and used for the basis of targeted advertising.
The Central Bank of Ireland publishes new Cross Industry Guidance on IT and Cybersecurity Risks
On 13 September 2016, the Central Bank of Ireland (the CBI) published new guidance on IT risk management and cybersecurity for financial service firms. Publication of the Guidance follows the CBI’s previous actions in relation to cyber risks in the funds, insurance and banking sectors (see previous blog here). The CBI acknowledges that IT plays an integral part in the supply of financial services and calls on Boards and Senior Management of regulated firms to recognise the ever increasing incidences of cyber-attacks and business interruptions. It requests such firms to acknowledge their responsibilities in this regard and prioritise IT security. This responsibility involves establishing and maintaining a resilient IT strategy, while ensuring that it aligns with the firm’s general business strategy. It states that a robust oversight and engagement on IT matters at the Board and Senior Management level promotes an IT and security risk aware culture within the firm.
Continue Reading The Central Bank of Ireland publishes new Cross Industry Guidance on IT and Cybersecurity Risks
ICO states that GDPR is still relevant for the UK
Following the Brexit Referendum and the uncertainty now surrounding the future of data flows between the UK and the remaining EEA States, the UK Information Commissioner’s Office has published an update on its blog: “GDPR still relevant for the UK“. The update emphasises the importance of the GDPR to many organisations in the
ODPC contacts Dublin City Council regarding anti-litter posters
The Office of the Data Protection Commissioner (ODPC) has contacted Dublin City Council in relation to its data protection concerns surrounding the City Council’s new anti-litter poster initiative. As part of the initiative the City Council had erected a billboard in the north inner city featuring CCTV images of 12 people who appear
ODPC Issues Guidance on Canvassing, Data Protection and Electronic Marketing
In advance of the forthcoming Dáil elections, the Office of the Data Protection Commissioner (ODPC) has issued guidance to candidates for election and their representatives on canvassing, data protection and electronic marketing (the Guidance). Publication of the Guidance follows the ODPC’s previous efforts to boost awareness of individuals’ privacy rights in this
ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register
In its ongoing effort to raise awareness of individuals’ privacy rights, the Office of the Data Protection Commissioner (ODPC) has published a press release on their website on the "Electoral Register and ‘Opting Out’ of the Edited Register".
Every year, the Department of the Environment, Community and Local Government encourages individuals to register to vote or to check that their details are up to date on the Electoral Register in advance of the 25 November deadline. In line with publicising such rights, the ODPC wishes to draw attention to the Edited Electoral Register and how it relates to direct marketing.
Continue Reading ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register
Minister for International Financial Services launches FinTech and Payments Association of Ireland (FPAI)
On 14 September 2015, Minister of State for International Financial Services Simon Harris TD launched the FPAI, a new trade association founded to further the interests of stakeholders involved in the rapidly evolving Irish FinTech sector.
FinTech (financial technology) is the term used to describe any technology applied to financial services. Across the broad spectrum of FinTech products available, everyday examples include mobile banking, peer to peer lending, digital currency (e.g. Bitcoin), crowdfunding (e.g. Kickstarter) and online payments systems (e.g. Stripe).