Privacy and cybersecurity: Summer agenda 2020

At the time I wrote the Spring agenda piece COVID-19 was still a rather a remote and abstract force. It’s no understatement to say the whole world has changed since then as the pandemic has ravaged healthcare systems and economies across the globe. This includes the place in the world occupied by data protection, privacy and cyber security.

Indeed, as governments around the world have scrambled to adopt technological solutions to the track and trace conundrum, privacy concerns have been to the fore (see our blog post). The rapid move to working from home has brought with it substantially greater data privacy and security risks (see this article on key cyber risks and this blog post on avoiding GDPR traps). We have also published a brief overview of the broader data protection issues.

UK and EU authorities (including the UK government, European Data Protection Board and the ICO) have all delivered a raft of guidance for navigating these risks and more generally in relation to COVID-19.

Pandemic aside, the spectre of Brexit remains. The clock is ticking and the prospect of no deal being struck at the end of the transition period now looms large. Our blog post, Data protection: what should companies be doing during the Brexit transition period?, remains a useful starting point for assessing what you may still need to do to prepare.

Roundup for Spring 2020

It would be impossible to cover all of the developments that have taken place over the spring. The COVID-19 pandemic has brought with it a tsunami of legislation and regulatory guidance as well as drastic emergency policy making that has provoked searching privacy- and security-related questions. Here are some key edited highlights:

Looking ahead

The summer is of course traditionally a quiet time for practitioners and the COVID-19 crisis has played a part in further sidelining initiatives. There are a couple of key dates to keep an eye on:

  • The ICO is expected to publish the associated guidance for organisations on the final AI auditing framework on 29 May 2020. The draft guidance can be found here.
  • The judgment of the much-anticipated “Schrems 2” case (Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18)) is due out on 16 July 2020. Following his successful invalidation of the Safe Harbor Framework in “Schrems I”, Mr Schrems has challenged data transfers between EEA and non-EEA countries on the basis of the European Commission adopted standard contract clauses. AG Saugmandsgaard Øe gave his opinion that the SCCs are valid in December last year.

New Practical Law content

In addition to the various blog posts and articles referred to above, Practical Law has added the following to its content set in the past three months:

Leave a Reply

Your email address will not be published. Required fields are marked *

Share this post on: