April e-newsletter out now
Investigation into data analytics for political purposes
Our enquiries involve 30 organisations including Cambridge Analytica, Aggregate IQ and Facebook. The latest ICO statements about the investigation can be found on our website.
A win for the data protection of UK consumers
WhatsApp has signed an undertaking with the ICO, publicly committing to not sharing personal data with Facebook until they address data protection issues. This follows our investigation into WhatsApp and Facebook, which found that WhatsApp had not identified a lawful basis of processing for any such sharing of personal data among other concerns. Elizabeth Denham explained why this represents a win for UK consumers in her blog.
Updates to the Guide to the GDPR
We have made further updates to our Guide to the GDPR. As well as detailed guidance on legitimate interests, we have also expanded the pages on Data Protection Impact Assessments (DPIAs), data protection officers, the right to be informed, the right to erasure, the right to rectification and the right to restrict processing.
Guide to Law Enforcement Processing
Our Guide to Law Enforcement Processing has been published and highlights the key requirements of Part 3 of the Data Protection Bill. It replaces the Frequently Asked Questions for Law Enforcement Processing. It is important to note that this is a living document and may change to reflect any changes to the Bill as it makes its way through Parliament. It also includes links to further guidance from the ICO and other relevant reading.
Lawful basis tool published
We have produced a lawful basis interactive guidance tool to give tailored guidance on which lawful basis is likely to be most appropriate for your processing activities. It will give an indicative rating for each lawful basis based on your answers to key questions, with advice on suggested actions and links to relevant guidance content.
Data protection self-assessment toolkit for SMEs revamped
Our SME data protection self-assessment toolkit has been revamped in line with the GDPR. Use our toolkit to assess your compliance with data protection law and find out what you need to do to make sure you are keeping people’s personal data secure. The toolkit covers your obligations as a controller or processor, as well as information security, direct marketing, records management, data sharing, requests for personal data and CCTV.
Elizabeth Denham submits evidence to the DCMS Select Committee
The Information Commissioner appeared before the Digital, Culture, Media and Sport Committee on 6 March to give evidence on fake news. Read the transcript of the Commissioner’s evidence on the House of Commons website, and watch footage on Parliament.tv.
Information Commissioner speaks at the Alan Turing Institute
Ms Denham spoke at the Alan Turing Institute on 23 March as part of its event ‘The GDPR and Beyond: Privacy, Transparency and the Law’. The Commissioner’s speech looked at how developments in Artificial Intelligence (AI) must take privacy into account.
Commissioner delivers annual lectures
The Commissioner also delivered two annual lectures last month. She gave the CRISP (Centre for Research into Information, Surveillance and Privacy) annual lecture at the University of Edinburgh on 14 March, speaking about the many roles she must play as UK Information Commissioner and setting out the challenges and opportunities ahead. On 22 March, she delivered the annual Jenkinson Lecture at University College London, where she discussed Freedom of Information, sustainable governance and openness in the digital age.