Neither blessed with a catchy title nor immediately in force, the Age Appropriate Design Code grabbed few headlines when it was issued by the Information Commissioner (ICO) in 2020. Now re-badged as the Children’s Code and in force from 2 September 2021, it is being feted as an early blow in the UK government’s wider campaign against online harms and in particular the risks to the privacy of minors. Broadly drawn, both in terms of the online service providers affected and its geographic reach, the Code provides guidance on safeguards for the online treatment of children’s personal data, with compliance underpinned by the potentially severe enforcement powers of the UK GDPR. Sensing the way the wind was blowing, the tech titans had already modified their services, spurring calls for similar measures in other countries. Misgivings over the ambit and practical impact of the Code remain, however, particularly in relation to the thorny issue of age-verification.
“Treasure trove’ and ‘gold mine’ are descriptions which jar when describing the sensitive health care data recorded by GPs in countless daily consultations up and down the country in the expectation of doctor-patient confidentiality. Yet, this is how some people perceive the patient records of 55 million citizens which the UK Government plans to make available to a variety of users in pseudonymised form in a scheme unveiled without fanfare in May 2021, formally known as the General Practice Data for Planning and Research. Supported by David Davis MP, an assortment of medical bodies, charities and privacy campaign groups have forced a Government rethink – at least for now.
BCL partner Julian Hayes and legal assistant Andrew Watson’s article examining the critical balance between human rights, privacy and the use of biometric technology by the police has been published in Police Professional.
BCL partner Julian Hayes’s article ‘COVID Status Certificates – A Passport to Freedom?’ has been published by Global Banking & Finance Review, discussing the potential introduction of time-limited COVID-status certification to help reopen the economy and society, reduce restrictions on social contact, and improve safety.
As the UK lockdown eases, friends and relatives are reuniting, shops are once again welcoming customers, and beer gardens are full of chatter. With GDP down almost 10% in 2020 and many businesses still on their knees as a result of the emergency measures, the Government is keen to ensure that the current momentum continues and the exit from lockdown is irreversible. One method the UK administration – and others around the world – are considering is the introduction of time-limited COVID-status certification to help reopen the economy and society, reduce restrictions on social contact, and improve safety.
The dust has not yet settled on the Information Commissioner’s fine imposed on British Airways (BA) in October 2020, but the company now faces the largest group claim over a data breach in the UK’s history. A similar claim has been brought against TalkTalk following a 2014/15 cyber-attack on the telecoms giant, though in that case far fewer people were affected. With not only hefty regulatory fines and reputational damage but also the threat of expensive civil litigation for data breaches, the pressure is on for data controllers and processors to check they are doing enough to protect their customers personal data.
BCL partners Michael Drury and Julian Hayes have contributed the chapter titled ‘UK-US Data Sharing Treaty – a welcome recognition of reality’ as part of Privacy Laws & Business‘ Data Protection & Privacy Information International report.
The Government has published its long-awaited response to its Online Harms consultation. Confirming the intention to impose a duty of care to keep users safe online, the Secretary of State told Parliament online platforms “will no longer be able to mark their own homework”.
