The NHSX contact tracing app has brought data protection into the headlines in the last week. Mass surveillance in the interests of securing our way out of the Covid-19 crisis gives rise to privacy concerns around use of the app by the general public.

Join our Data & Privacy Solutions team's webinar on Tuesday 12 May at midday presented by partner, Nathalie Moreno who will talk about the data protection implications of tracking technology – is it our friend or our foe? Sign up here with Zoom.

Nathalie has also published an article on contact tracing apps. 

EDPB adopts Guidelines on consent under the GDPR

The European Data Protection Board (EDPB) has adopted Guidelines 05/2020 on Consent under the GDPR. The Guidelines, to some extent, update the Article 29 Working Party's Guidelines on Consent under the GDPR, which were endorsed by the EDPB in its first plenary meeting.

ICO publish document on coronavirus contact tracing solutions

The ICO have set out their expectations on how contact tracing solutions may be developed in line with the principles of data protection by design and default. They have also included a series of best practice recommendations.

Swedish Data Protection Authority issues National Government Service Centre with fine of 200,000 Swedish Kroner

The Swedish Data Protection Authority (DPA) has issued a fine of 200,000 Swedish Kroner to the National Government Service Centre (NGSC) for failing to notify affected parties and the Data Protection Authority of a personal data breach in the appropriate time.

An investigation was initiated by the DPA after it received a number of personal data breach notifications in relation to an error in the NGSC's IT system for salary administration. 

It took NGSC five months to notify the affected parties and nearly three months before a data breach notification was received by the DPA.

In addition to the fine, the NGSC has been ordered to introduce internal routines for its documentation.

Investigations launched after thousands of drivers details available online

Sheffield City Council and South Yorkshire Police have launched investigations after the Automatic Number Plate Recognition system containing details of thousands of motorists could be accessed online without using a password. 

The ICO have been made aware of the data breach, which exposed 8.6million records of journeys on Sheffield's roads.

Glasgow city councillors accuse council of breaching data protection law

Glasgow city councillors are worried that their communications with their constituencies are being shared with third parties without their consent, in a potential breach of the Data Protection Act. 

Following the coronavirus outbreak, Glasgow City Council has changed the process of communications for local councillors to help streamline communications. Councillors are alleging that their communications, which contain private and confidential information, are being shared with the local councillor's business manager who then directs the queries to the Chief Executive department.

Nintendo Switch owners urged to protect their accounts 

Nintendo Switch owners are being urged to secure their accounts using two-factor authentication after an increase in fraudulent attacks. 

Hackers are logging onto individual Nintendo accounts and using linked PayPal accounts to make expensive purchases.

There has been speculation that the attacks may be linked to Nintendo's older account system, the Nintendo Network ID.

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile
Dr. Nathalie Moreno

Dr. Nathalie Moreno

Partner, Commercial Services
London

View profile
Beatrice Duke

Beatrice Duke

Managing Associate, Commercial
Leeds, UK

View profile