Data Protection News Roundup – 21st January 2020

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.



MPs are calling for unlimited fines for those who breach electoral law under new proposals to protect UK elections and referendums from “dirty money and dodgy data misuse”. Read more here.


Who’s getting it wrong?

Betting companies have been given access to an educational database containing names, ages and addresses of 28 million children and students in one of the biggest breaches of government data. The database is intended for training and educational use but according to an investigation conducted by The Sunday Times, a partner company handed over access to information gleaned from the database, known as the Learning Records Service, without permission. The betting companies have used it to help increase the proportion of young people who gamble online. Read more here.

Detailed information about the job performance of more than 900 employees of Regus owner IWG was accidentally published online after the shared office business conducted a review of sales staff. A spreadsheet which lists the names and work addresses of hundreds of Regus sales managers alongside detailed reviews of their performance was made accessible to anyone using a simple Google search, The Telegraph has found. Read more here.

Twitter has suspended dating app Grindr from its advertising network following the publication of a report claiming the app had breached GDPR. The report accused Grindr of sharing user data with third parties, including IP address, Advertising ID, GPS location, age and gender, and of using Twitter as a mediator for sharing this data. Read more here.


Other News

The European Commission is mulling a temporary ban of up to five years on the use of facial recognition technology in public places in the EU, such as sport stadiums or town centres. Read more here.

National security laws allow bodies such as MI5, MI6 and GCHQ to force mobile firms such as Vodafone and O2 to hand over data on customers. But in a preliminary opinion Campos Sanchez Bordona, advocate general at the Court of Justice of the European Union, ruled that these actions contravened EU law. Read more here.

Phishing has been on a steep rise over the last few years. In 2017, only 16 breach reports were made to the ICO as a result of successful phishing attacks. This jumped to 877 phishing reports in 2018, and in 2019, UK organisations reported a record 1,080 phishing-related breaches to the ICO – representing 45% of all cyber security data breach reports received by the ICO that year. Read more here.

European countries have imposed approximately €114 million (£97 million) in data protection fines on businesses since the GDPR came into force in May 2018. Approximately two-thirds of penalties have been levied by German and French data protection authorities. However, the data excludes major fines against British Airways and Marriott International of £183 million and £99 million respectively, issued by the UK’s Information Commissioner’s Office in July 2019, as these penalties have yet to be finalised. Read more here.

A website which provided access to more than 12 billion personal credentials to cyber criminals for as little as $2 per day has been taken down following an investigation led by the National Crime Agency (NCA), in collaboration with international law enforcement partners. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.
