On October 30th, 2020, the Information Commissioner’s Office (“ICO”) announced its fine of £18.4 million issued to Marriott International, Inc. (“Marriott”) for violations of the General Data Protection Regulation (“GDPR”). This is a significant decrease from the proposed fine of £99.2 million announced by the ICO in July 2019 (see our previous article here) against the background of Marriott’s security breach, reported to have lasted some four years between 2014 and 2018, with the fine relating to the breach only from the point at which the GDPR came into force in May 2018. It is the second largest GDPR fine levied by the regulator thus far, behind that imposed on British Airways. To date, Marriott has not admitted liability for the breach, but the major international hotel operator has indicated that it does not plan to appeal the decision.
Michael Drury & Julian Hayes’s Lexology webinar, ‘UK-US Bilateral Data Sharing Agreement: What Companies Need to Know’, can now be viewed on demand anytime.
“We want the UK….to be the best place in the world to start and grow a digital business”. With this ambitious aim, the Government has laid out its National Data Strategy, focusing on unlocking the value of data, establishing a pro-growth data protection regime, and championing international data flows to promote economic development. Already a feted success, the UK’s digital sector now stands behind only the US and China in global venture capital funding and directly employs more than 1.5 million people in London and other major UK cities. Despite its laudable aspiration, however, the Data Strategy signals post-Brexit regulatory intentions which risk inhibiting and choking off the future growth of this successful UK industrial sector.
In April 2019, the UK published an Online Harms White Paper proposing a broad new statutory duty of care for social media companies and platform providers to tackle widespread concerns about a host of online issues, from terrorist and child sexual abuse content to cyber bullying and trolling. More than 18 months on, BCL’s Greta Barkle asks where have the proposals got to?
BCL partner Julian Hayes and associate Greta Barkle, in an article for LexisNexis PSL, analyse the findings of the Information Commissioner’s Office (ICO) on the use of phone extraction by police forces.
The GDPR has just celebrated its second birthday and, to mark the occasion, the European Commission (‘EC’) has published an assessment of its effectiveness so far. While praising the ground-breaking data protection leviathan for what it has achieved to date, the EC has admitted that more needs to be done, particularly in the field of enforcement, if it is to create a genuinely level playing field for personal data rights across Europe and beyond.
With more than one third of the planet’s population currently under some form of COVID-19 related restriction, the wider impact of ‘lockdown’ is becoming apparent. In the UK alone, the wider human cost of this necessary measure has been staggering: two million routine NHS operations cancelled; close to one million applications for universal credit benefit in the final two weeks of March; and calls to a national domestic abuse helpline 49% above average. The global economic picture is equally bleak. The IMF calculates the world economy will shrink by 7% in 2020, with trade levels sinking dramatically and national borrowing set to rise to levels not seen in peacetime. In the face of such dire prospects, calls for a relaxation of lockdown have grown increasingly vocal. But with a vaccine still 12-18 months off, governments around the world are weighing the apparent trade-off between easing restrictions and maintaining public health.
BCL partner Julian Hayes and associate Greta Barkle’s article titled ‘The UK ICO’s modified approach to data regulation during COVID-19 is welcome but risks remain’ has been published by Euronews.