REUTERS | Mark Blinch

Privacy and cybersecurity: Spring agenda 2020

In the Winter agenda the prospect of a no-deal Brexit was a real, if improbable, threat. While the transition period until 31 December 2020 might represent a reprieve, there are plenty of things in-house counsel need be doing during the (now ten) months remaining. Our recent blog post, Data protection: what should companies be doing during the Brexit transition period?, will help to navigate the issues and prioritise your actions.

Despite the political landscape remaining uncertain, it does feel like a moment to focus greater attention to BAU data protection and cyber activities.

Looking back

In case you’re in catching up mode, a key headline landed just last week with the Croatian presidency of the EU publishing the revised text of the draft E-Privacy Regulation. Here’s a brief roundup of other key developments since the start of December:

  • The ICO published: data protection guidance specifically for SMEs; the final version of its Age Appropriate Design Code; and amended guidance on timescales for complying with data subject access requests when clarification is sought.
  • Simon McDougall of the ICO blogged twice on adtech, specifically on its engagement with adtech organisations and on investigation and regulatory action.
  • In the Facebook Ireland case, AG Saugmandsgaard Øe delivered his opinion that controller to processor standard contractual clauses remain valid (although the position is not final until the ECJ’s judgment later this year).
  • The National Cyber Security Centre (NCSC) published guidance for organisations on choosing and purchasing mobile devices.
  • The Centre for Data Ethics and Innovation (CDEI) published its final report on online targeting.

Looking ahead

As ever in this area, there is certainly plenty happening for practitioners during the spring, including a number of open consultations/surveys, forthcoming publications and a key NCSC event, all outlined below.

1. Open consultations and surveys

2. Forthcoming publications

  • The CDEI is due to publish its final report on algorithmic bias in various sectors (which may include financial services, local government, recruitment and crime and justice) on 31 March 2020.
  • The Secretary of State will publish a report on the NIS Regulations 2018 by 9 May 2020 following a review of the regulations.
  • The European Commission is due to report on all elements of the GDPR by its two year anniversary, 25 May 2020.
  • DCMS and the Cabinet Office are due to publish the responses from the Digital Identity consultation (following a call for evidence which ran last year) at some point during Spring 2020.
  • Following publication of the final AI auditing framework in January 2020 and the consultation referred to above, the ICO expects to publish the associated guidance for organisations during Spring 2020.

3. CYBERUK 2020

The NCSC’s CYBERUK event is due to take place at the ICC Wales in Newport on 19 – 20 May 2020. CYBERUK is the UK government’s flagship cyber security event and will include briefings on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.

New and updated Practical Law content

In addition to the Brexit blog post referred to above, Practical Law has added the following to its content set in the past three months:

Leave a Reply

Your email address will not be published. Required fields are marked *

Share this post on: