Blog
ICO looking into schools' use of facial recognition to take lunch payments
The Information Commissioner's Office announced on 18 October that it would be in contact with North Ayrshire Council after it was reported that nine North Ayrshire schools had introduced facial recognition technology to allow pupils to pay for their school lunches. The proposed use of facial recognition technology would involve the processing of biometric personal data, which should be treated as a special category of personal data under the UK GDPR where it is used to uniquely identify a data subject.
Project Red Card: privacy concerns for the Premier League
Over 850 professional football players from mid-tier and premier league clubs are seeking compensation from the data collection industry over the unconsented use of up to six years' worth of performance data, in a legal action referred to as Project Red Card.
Ministry of Defence email blunder exposes personal data of Afghan interpreters
The personal email addresses of over 250 Afghan interpreters seeking relocation to the UK were mistakenly copied into an email with their email addresses visible in a data breach described by the Defence Secretary as "unacceptable".
Vulnerabilities in the Covid-19 vaccination booking website put the UK population's personal data at risk
NHS Digital is facing criticism after it was discovered that a vulnerability in the organisation's Covid-19 vaccination booking website had exposed confidential medical data. In the past four months, the website has facilitated the vaccination process for over 17 million people in the UK.
Facebook prepares to defend yet more legal challenges as data woes continue
In February, a class action was brought against Facebook over allegations it failed to protect the personal details of about one million people in England and Wales. This is the second major UK data-related claim brought against Facebook in six months. Both relate to the scandal over data harvesting that began with allegations that Cambridge Analytica, a British political consultancy, accessed the personal data of millions of Facebook users.
A new threat to public safety? The collision of immigration and data protection law
Schedule 2 of the UK’s Data Protection Act 2018, incorporates a controversial clause known as the immigration exemption (the “Exemption”). The Exemption works to disapply certain data protection rights where the processing is carried out for immigration purposes and the Home Office considers that the processing might “prejudice the maintenance of effective immigration control”.
“Have you had your jab?”: Navigating the vaccine status of your workforce
As the NHS continues to roll out the Covid-19 vaccine, your organisation might be beginning to consider whether or not you need to collect data regarding your employees’ vaccination status. The starting point is that, as any employer, you may request information about the vaccination status of your employees but, as with all personal data, you must consider your compliance with the data protection requirements of the UK GDPR and Data Protection Act 2018.
The Conservative Party illegally collected data on ethnicity of 10 million voters but dodges enforcement action
In November 2019, the ICO conducted an assessment of political parties’ compliance with data protection laws. During its assessment, the ICO discovered that the Conservatives had purchased so-called estimated "onomastic" data, which attempts to determine the ethnicity, religion, country of birth and other characteristics of a voter based on their first and last names. The result is then appended to the voters’ records.
Could you be in breach of the GDPR when printing work-related documents at home?
A study has found that two thirds of remote workers risk potentially breaching GDPR guidelines by printing out work-related documents at home. It comes as no surprise that printing work-related documents at home during the pandemic has increased, however caution is required. Printing documents containing personal information such as an employee’s payroll, address or medical information or even notes from a meeting containing phone numbers or email addresses pose a potentially high data security risk.