Skip to content

FAQOn 5 May 2020, the Information Commissioner’s Office (ICO) published a blog setting out the Information Commissioner’s new priorities for UK data protection during COVID-19 and beyond. This follows on from the document published on 15 April 2020, in which the ICO promised an “empathetic” approach to its enforcement of data protection laws during the coronavirus outbreak, prioritizing areas likely to cause the greatest public harm and directing its services towards providing guidance for organizations about how to comply with the law during the crisis.
Continue Reading The UK Information Commissioner’s Regulatory Approach and Priorities During COVID-19

Digital LockIn news that will no doubt alarm many of the airline’s passengers, easyJet plc (easyJet) has confirmed that it has suffered a serious data breach affecting nine million customers as the result of a cyber-attack.  In addition to certain personal data including email addresses and travel details, the credit card details of 2,208 customers have apparently been impacted and the UK Information Commissioner’s Office (ICO) has been informed.
Continue Reading easyJet Suffers Data Breach Involving Nine Million Customers

Article 29Following the limited relaxation of lockdown restrictions by the UK Government and the likely return to the workplace of at least some employees, the UK Information Commissioner’s Office (ICO) has published some helpful guidance for employers on the data protection issues raised by workplace testing for coronavirus.

The guidance notes that, although data protection law does not stop employers taking measures that are required to protect their staff and the public during the coronavirus pandemic, personal data must be handled carefully.
Continue Reading UK Information Commissioner Issues New Guidance for Employers on Workplace Testing for Coronavirus

The use of artificial intelligence and surveillance technology of various kinds is increasingly being used as a weapon in the fight against coronavirus around the world.  Recent examples include the use of facial recognition software in Russia to enforce lockdown restrictions, while in France monitoring software has apparently been trialed with a view to using video surveillance cameras once lockdown has been moderated to determine whether citizens are adhering to social distancing rules and wearing masks.

In recent days it has been reported that various companies are in discussions with the UK Government regarding the use of facial recognition technology in connection with the much discussed concept of so-called “immunity passports”.
Continue Reading The Use of Facial Recognition Technology to Combat COVID-19

GDPRThe COVID-19 pandemic has forced organizations to reconsider their working arrangements and how employees interact with both internal and external clients and stakeholders. In the pursuit of maintaining a “business as usual” approach, many UK employers have questioned whether they can continue to effectively monitor their non-furloughed employees’ performance when all but those in essential roles are working remotely.

Continue Reading Employee Monitoring During the COVID-19 Lockdown GDPR Considerations Revisited

Although data protection and privacy may not be the first things that come to mind when considering how best to wage war against COVID-19, organizations that collect and use personal data and special categories of health-related data to try to combat this gravest of threats to public health should also consider how to ensure that their activities in this regard are reasonable and proportionate in the light of applicable data protection legislation.
Continue Reading Respecting Privacy During the Coronavirus Pandemic

Uncertainty is the new normal. UK criminal and regulatory enforcement authorities, like the rest of us, are adjusting to unprecedented levels of business disruption.

This short alert provides signposts to the guidance given by key authorities so far about immediate steps they are taking in response to the outbreak and the difficulties it causes.


The UK Information Commissioner recently published a consultation paper inviting views on the ICO’s proposal that it should be granted investigation and asset recovery powers under the Proceeds of Crime Act 2002 (“POCA”).

The powers the Information Commissioner is seeking at this time are:

  • To apply to the court for Restraint Orders (under Part 2 of POCA);
  • To apply to the court for Confiscation Orders (under Part 2 of POCA);
  • Cash seizure, detention and forfeiture from premises (under Part 5, Chapter 3 of POCA);
  • Asset seizure and forfeiture from premises (under Part 5, Chapter 3A of POCA);
  • To undertake investigations (including search and seizure warrants) to support the proceedings sought above (under Part 8 of POCA); and
  • Access to information relevant to the investigation of money laundering offences.

The ICO is also seeking relevant authorisation powers that will enable it to exercise the powers referred to above.Continue Reading UK Information Commissioner’s Office Seeks Further Criminal Powers

Ropes & Gray and our platform provider LexBlog each use cookies to personalize content and ads, to provide social media features and to analyze traffic. Each of us also share information about your use of our site with our social media, advertising and analytics partners. If you are happy for us to store these cookies on your device please click ‘Accept Cookies. For more information, please see here and here.

Accept Cookies