The Public Accounts Committee has announced that in January 2018 it will hold an inquiry into the cyber-attack on the NHS.
Data Protection Bill
This week the Data Protection Bill began the report stage – line by line examination of the Bill – in the House of Lords. A third day of report stage is scheduled for 10 January 2018.
On day one of the report stage Baroness Kidron moved to add an amendment to the bill which will subject websites and apps to a tough code of practice to protect children’s privacy online. The moved was strongly welcomed by other peers including Lord Ashton of Hyde who said the Government would support the code. Read the full Hansard record here.
Following the debate, digital minister Matt Hancock confirmed that DCMS will create a statutory process by which a code from the Information Commissioner’s office on age-appropriate website design could be produced. The code will set new standards of privacy on websites and apps for children under 18 which make clear what personal data is being collected, how it is being used and how children and parents can stay in control of the data. Following a consultation on the code of practice the ICO will be expected to present a draft for parliamentary approval within 18 months of the data protection bill passing into law. Read more here.
James Cartlidge, Conservative MP for South Suffolk, tabled a question asking for an estimate of the potential cost to parish councils of complying with the GDPR. Digital minister Matt Hancock’s response implied that parish councils have not received tailored guidance but are being directed to the ICO’s general resources for SMEs. Read more here
Jon Trickett, Labour MP for Hemsworth, tabled a question asking how many times the ICO has fined central government departments in each year since it was created. Mr Hancock responded that since the ICO first received powers to fine organisations for serious breaches of the Data Protection Act the Commissioner has issued one fine to a central government department – £140,000 to the Ministry of Justice in October 2013. Read more here.
Who’s getting it wrong?
The ICO, along with the Claims Management Regulator and Nottinghamshire Police, executed a search warrant at two addresses in Nottingham as part of an investigation into a network suspected of making hundreds of millions of unsolicited automated calls promoting personal injury claims. ICO Enforcement Group Manager Andy Curry said that aside from taking enforcement action against the organisations and individuals involved the raid has the added effect of disrupting these people’s activities. Read more here.
The Information Commissioner Elizabeth Denham has published an update on the formal investigation into data analytics for political purposes. The ICO are concerned about invisible processing – the algorithms, analysis, data matching and profiling that involves people’s personal information. Ms Denham said when such techniques are used in relation to the democratic process the case for a high standard of transparency is strong. Find the update here.
Ms Denham also spoke at the TechUK Data Ethics Summit this week. Speaking about the development of AI she said the GDPR was drafted for the purpose of trying to tackle opaque decision-making by machines. She also said that Ethics is at the root of privacy and is the future of data protection. She also spoke about the new Centre for Data Ethics and Innovation saying it will complement the role of regulators by promoting the consideration of ethical issues. Read more here.
Hundreds of HP laptop models have hidden software pre-installed that can record every letter typed on a computer keyboard. HP has issued a software patch to remove the keylogger and close the potential security vulnerability. Read more here.
York city council has rejected Uber’s application for renewal citing concerns about Uber’s security provisions both for passengers’ physical safety and personal data following disclosure of its data breach. Read more here.