Included in this edition of data & privacy news; Data Download AI and Privacy webinar; ICO sets out six data protection steps for Coronavirus recovery; German Covid-19 task force firm targeted by phishing attack; and more...


Data Download AI and Privacy Webinar on Tuesday 23 June

Join our Data Managment team on Tuesday 23 June at Midday as they explore the complexities of AI in practice. 

Data protection and artificial intelligence have a challenging relationship. As society strives to find ways to do things more quickly using AI, this often comes with a cost to privacy with personal data used to fuel decision making. 

A must attend event for anyone with an interest in data protection in their business.

Sign up here >

AG coronavirus updates

The Data Management team have recently published two updates on coronavirus:

Covid-19: a practical guide to data protections practices in workplace testing in the UK - France – Germany

Key contact: Dr. Nathalie Moreno

Coronavirus and health monitoring: a way out of lockdown?

Key contact: Helena Brown

ICO sets out six data protection steps for coronavirus recovery

The ICO has set out the key steps that organisations need to consider around personal data use as lockdown restrictions begin to ease:

  • Only collect and use what is necessary to keep your staff safe;
  • Keep the processing of this data to a minimum;
  • Be clear, open and honest with staff about how and why their data is being used and the implications of such use;
  • Treat people fairly;
  • Keep people’s personal data secure; and
  • Ensure staff are able to exercise their information rights and discuss any concerns.

The ICO have said they "will continue to help organisations and businesses through the current recovery phase by supporting innovation and economic growth, while ensuring that people’s information rights are not set aside".

ICO's Age Appropriate Design Code is laid before Parliament

The Age Appropriate Design Code, also known as the Children's Code, has been laid before Parliament.

The Code sets out 15 standards of age appropriate design that relevant online services need to implement to protect children's privacy.

The ICO has that this is "a huge step towards protecting children online especially given the increased reliance on online services at home during COVD-19".

Progress report on draft E-Privacy Regulation published 

The Croatian Presidency of the Council of the EU has published a progress report on the draft E-Privacy Regulation (ePR). 

The Croatian Presidency has confirmed amendments to the text, which include the introduction of a new legitimate interests ground to process electronic communications metadata, and collect information from end-users terminals. 

Due to the coronavirus there has been further delays in progresing the draft ePR, however the Croatian Presidency has committed to working closely with the incoming German Presidency to ensure smooth progress. 

German COVD-19 task force firm targeted by phishing attack

Over one hundred top officials at a German COVID-19 task force firm have been targeted by an ongoing phishing campaign, according to cybersecurity researchers at IBM X-Force Incident Response and Intelligence Services.

The phishing campaign, which also targeted American and European third-party supply chain partners of the company, harnesses credentials and allows attackers to access victim's accounts giving them the ability to steal data and move laterally through the firm's IT network. 

According to IBM, the phishing attacks started on the day the German Government commissioned nine of the country's top multinational companies to be part of the COVID-19 task force. 

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile