Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Ali Qassim
The U.K. privacy office will issue guidance the first week of March for companies on obtaining consent from consumers to use their data, Information Commissioner Elizabeth Denham announced Feb. 24.
The Information Commissioner’s Office guidance on preparing for the European Union’s new General Data Protection Regulation (GDPR) privacy regime will represent “a toughening up on the rules around consent,” Denham said.
In order to be legally sufficient, consent “will need to be freely given, specific, informed and unambiguous, and businesses will need to be able to prove they have it if they rely on it for processing data,” she said. A check the box approach won’t be sufficient to show valid consent, Denham said.
If Parliament debates amending U.K. law to conform to GDPR requirements after Brexit, the ICO “will be banging our drum for continued protection and rights for consumers and clear laws for organizations,” Denham said. Complying with GDPR after Brexit makes sense, she said.
Denham gave her first keynote address at the Direct Marketing Association’s annual Data Protection event in London since she took over as the U.K.’s privacy chief July 2016. A Canadian, Denham was previously British Columbia’s information and privacy commissioner.
The ICO also plans to publish GDPR-relevant guidance on individual profiling once the Article 29 Working Party of data protection officials from the 28 EU countries has completed updating its profiling guidance, Denham said.
Referring to the ICO’s guidance on GDPR in general, she said it will be “a living document, with text added on different points as more guidance is produced.” This will include “links to guidance produced alongside our counterparts in Europe, as and when that is ready, including documents around aspects like data portability and the role of data protection officers” she said.
Denham assured businesses that the ICO “will not be investigating every data breach” to enforce the mandatory data breach notification requirement under the GDPR.
When a company “reports a breach, if we know it can demonstrate good processes and prove that this was a gap, we will take note and monitor,” she said. The ICO’s tighter focus will on those businesses “who don’t have their accountability act together.”
Ardi Kolah, program co-director at Henley Business School at the University of Reading in the U.K., advised businesses not to “just wait for guidance”. For instance, on how to act on providing proper consent, companies should not “hide behind terms and conditions” but “take responsibility and think about how they are connecting to customers.”
Denham raised questions about the future of GDPR once the U.K. formally leaves the EU—a process that will take place after the GDPR comes into effect May 25, 2018.
Although the government has “made it clear that EU law will remain U.K. law until the government sees fit to repeal it,” she said, “it’s possible that in the years after the U.K. leaves the EU, Parliament will debate amending the requirements of the GDPR.”
In that event, the ICO would “will be banging our drum for continued protection and rights for consumers and clear laws for organizations,” Denham said.
The government “will also need to answer the question about whether the U.K. will seek to keep the U.K.'s data protection law at an equivalent standard to the EU, to allow unrestricted data flows with EU countries,” she said. Stressing the U.K.'s need for “strong data protection laws to achieve all that,” Denham said she couldn’t foresee the rules on consent or marketing “being loosened.”
Denham also defended the need for updating existing U.K. privacy laws. “The world has changed a lot since 1995, not only technology, but your own business models, people’s attitudes to their data, their demand that their information is properly looked after,” she said. “The law needed to change too.”
To contact the reporter on this story: Ali Qassim in London at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)