Data Protection News Roundup – 21st July 2020

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner and Data Protection Officer. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.



The Government has published proposals for a new law that will raise the security standard for all consumer smart products sold in the UK. As a first step the standard will make sure they adhere to three important requirements:

  1. That device passwords are unique and not resettable to any universal factory setting.
  2. Manufacturers must provide a public point of contact so anyone can report a vulnerability.
  3. Information stating the minimum length of time for which the device will receive security updates must be provided to customers.

Read more here.


Coronavirus Response

According to the Open Rights Group, the UK government has failed to meet a crucial GDPR requirement in its COVID-19 Test and Trace program because it has not conducted a data protection impact assessment. Read more here.


Data Breaches

The ICO has published its annual report for 2019-20 stating that it handled over 12,000 reports of personal data breaches and took regulatory action in 236 instances that included fifteen fines. The fines included a £120,000 penalty issued to Hall and Hanley Ltd for sending over 3.5m direct marketing text messages and a £400,000 fine issued to Bounty UK Ltd for illegally sharing personal information belonging to more than 14 million people. Read more here.

According to a survey by customer experience company Genesys, 55% of UK consumers would continue using a company after a data breach. However, 40% also said that they do not share personal details due to privacy concerns, even if it means missing out on discounts and results in less streamlined interactions. Read more here.


Other News

A group of UK Uber drivers have launched a legal challenge against the company’s subsidiary in the Netherlands with complaints relating to access to personal data and algorithmic accountability. Read more here.

Since the GDPR came into effect in May 2018, there have been 340 GDPR fines issued by European data protection authorities with every one of the 28 EU nations issuing at least one GDPR fine. Read more here.

A major agreement governing the transfer of EU citizens’ data to the United States has been struck down by the European Court of Justice (ECJ). The EU-US Privacy Shield let companies sign up to higher privacy standards, before transferring data to the US. But a privacy advocate challenged the agreement, arguing that US national security laws did not protect EU citizens from government snooping. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.