ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers

On 20 January 2023 the UK’s Information Commissioner’s Office (“ICO”) published a statement regarding the obligations then in place for public electronic communications service providers (“CSPs”) under Regulation 5A of the Privacy and Electronic Communications Regulations 2003 (“PECR”). The statement proposed the termination of the 24-hour data breach regime (which required CSPs to notify the…

Ofcom Launches Investigation into BT Following Suspected Breaches of Consumer Protections Post Implementation of EECC

Following full implementation of the European Electronic Communications Code (EECC), Ofcom introduced new contract requirements with an aim to protect consumers and end-users.  These include ensuring that contracts for public electronic communications services include key information about the services they are receiving and that such information is provided to them in a one-page summary before…

Important decision impacting how companies must provide personal data requested by data subjects under their access rights

Giovanni Pitruzzella, Advocate General (AG) recently issued an opinion on what is within scope of the right conferred under Article 15(3) of the EU GDPR to obtain a copy of personal data being processed. The clarifying opinion relates to Case C-487/21 regarding questions referred for a preliminary ruling as lodged by the Austrian Federal Administrative…

Saving the WWW from the W3C

When Tim Berners-Lee created a system that used hypertext links to retrieve research papers at his research institute in Switzerland in the late 1980’s and early 1990’s he probably never thought his insight would spawn a worldwide commercial network. 30 years later we can see that people’s daily lives have been changed by the internet…

Imminent US adequacy decision to be met by legal challenges from privacy advocates

An adequacy decision for the US under Article 45 of the GDPR is expected to be issued this week by the European Commission, which would in practice deem the level of data protection in the US as essentially equivalent to that in the EU, thus re-enabling seamless transatlantic data flows. However, activist groups including Nyob…

Telecoms Security Framework (TSF) – Background and Requirements

The UK Government is introducing a new telecoms security framework (the “TSF”) through the Telecommunications (Security) Bill (the “Bill”). This is a particularly important development, given that fines could be significant – up to 10% of annual turnover and/or £100,000 per day of contravention in certain circumstances as further described in the Financial Penalties section…