Included in this edition of Data & Privacy News: Online advertising body IAB accused of data law breaches; Labour Party locks down access to membership databases due to possible data breach; EDPB publishes information note on data transfers under the GDPR in the event of a no-deal Brexit and more.

EDPB publishes information note on data transfers under the GDPR in the event of a no-deal Brexit

The European Data Protection Board (EDPB) has published an information note on data transfers under the GDPR in the event of a no-deal Brexit.

According to the EDPB, the transfer of personal data from EU Member States to the UK will have to be based on one of the following instruments; standard contractual clauses, binding corporate rules (for intra-group transfers), codes of conduct and certification mechanisms (such as the EU-US Privacy Shield) or derogations. For most organisations, this will mean relying on standard contractual clauses.

The EDPB has also published a note on binding corporate rules for companies who have the ICO as their Lead Supervisory Authority.

Draft Data Protection, Privacy and Electronic Commincations (Amendments etc.) (EU Exit) Regulations 2019 laid for sifting

The draft Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) (No 2) Regulations 2019 have been laid for sifting before the European Statutory Instruments Committee and Secondary Legislation Scrutiny Committee. These draft Regulations make amendments to the draft Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 to ensure data transferred from the UK under the Privacy Shield framework continues to be protected in the event of a no-deal Brexit.

EDPB launches consultation on guidelines on codes of conduct and monitoring bodies 

The EDPB has launched a consultation on the guidelines on codes of conduct and monitoring bodies under the GDPR, requesting e-mail comments by the 2 April 2019.

In line with Article 70(4) of the GDPR, all submissions will be published on the EDPB website in due course.

Online advertising body IAB accused of data law breaches

The Interactive Advertising Bureau (IAB), an organisation which sets standards for online advertising, has been accused of knowingly breaching data protection laws, according to legal complaints filed with data watchdogs in the UK and Ireland.

The IAB is responsible for the Real-Time Bidding standard, which underpins the automated auction of advertisements between advertisers when an individual visits a website. During completion of these auctions, advertisers are able to access details of the individuals, which helps settle the auction.

The IAB has argued that "it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding scenario". It has also said it is not a data controller under the GDPR, this falls upon the companies that implements its standards.

Labour Party locks down access to membership databases due to possible data breach

The UK's Labour Party has had to lock down access to membership databases, following attempts by unauthorised individuals to retrieve personal data.

It is an offence under the Data Protection Act 2018 to obtain or retain personal information without the consent of the controller.

Jennie Formby, the party's general secretary, also pointed out that the information will likely reveal an individuals political opinions, which makes it special category data entitled to increased protection.

The announcement came in the wake of members of the Labour Party deciding to leave the party and form a new association of MPs known as The Independent Group.

It isn't clear whether the Labour Party has reported the incident to the ICO.