Included in this edition of Data & Privacy News: GDPR one year on; ICO reports on GDPR Progress; Irish Data Protection Regulator launches series of GDPR investigations; and more...


GDPR one year on

Leading up to the one-year anniversary of GDPR implementation, there were a number of key announcements across Europe on GDPR progress and plans for the future:

  • The European Data Protection Board has reported 446 cross-border cases during the first year of GDPR, with 205 of these leading to One-Stop-Shop procedures.
  • National DPAs received 144,376 complaints, and over 89,000 data breach notifications were logged.
  • At its meeting in May, the European Data Protection Board decided to assign Austria, Bulgaria, France, Germany, Hungary and the European Data Protection Supervisor as representatives for the third annual review of the EU-US Privacy Shield.

ICO reports on GDPR Progress

The UK's Information Commissioner's Office (ICO) has logged more than 14,000 data breaches since the implementation of GDPR. Complaints from the general public have also doubled, from approximately 21,000 to 41,000, suggesting heightened awareness of personal data as a result of GDPR.

In the UK, no fine has yet been issued under the GDPR. The ICO has said that fines will be "coming soon"; however, it wanted organisations "to focus on how data protection law can help them to get it right... rather than how they might be punished if they get it wrong".

Irish Data Protection Regulator launches series of GDPR investigations 

The Irish Data Protection Commission (DPC) has launched 19 statutory investigations since GDPR came into force a year ago, 11 of which concern social media giant Facebook and its subsidiaries WhatsApp and Instagram. 

Twitter and LinkedIn are also under investigation, along with a recently launched probe against Google over its uses of personal data for targeted advertising. 

Of the 19 investigations, nine have been launched after complaints from individuals or businesses, whilst the other 10 have been initiated by the DPC itself. The main concerns have been about the legal basis for processing personal information, lack of transparency on how personal data is collected by a company, and an individual's right to access their own data.

UK government and tech industry agree collaboration on cyber security of IoT devices

The UK government and the tech industry have agreed to collaborate on cyber security of Internet of Things (IoT) devices.

At a recent roundtable meeting convened by the Department for Digital, Culture, Media & Sport (DCMS) and Which?, retailers stressed the need for consumers to be confident that the products they are buying are secure. According to the DCMS, an increasing number of IoT devices are being brought into homes, so it is crucial that the industry and the government address the cyber security issues that could materialise from them.

The DCMS, the government, the manufacturers and retailers all agreed a shared aim to make it easier for end-users to use their smart products securely. 

Consultations on regulatory proposals referring to consumer IoT security are now in the pipeline.

San Francisco bans the use of facial recognition technology

San Francisco has banned the use of facial recognition software by police forces and other agencies, following an 8-to-1 vote by the Board of Supervisors, with similar bans being considered in Oakland and Somerville.

In the last few years, the use of facial recognition technology has rapidly gained momentum due to a rise in cloud computing, machine learning and detailed digital cameras.

Many police forces in the United States are currently using facial recognition tools to search for small-time criminal suspects, as well as perpetrators of mass carnage. However, civil liberty groups have expressed concerns about potential abuse by the government which could shove the United States in the direction of an overly repressive surveillance state similar to China. 

Key Contacts

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK
