Included in this edition of data & privacy news: ICO publishes response to Government's announcement on extension for personal data flows; TikTok faces lawsuit and more...

ICO publishes response to Government's announcement on extension for personal data flows

The ICO has published a statement in response to the UK Government's announcement that the Treaty agreed with the EU will allow for an extended period for personal data flows enabling businesses and public bodies to continue to freely receive data from the EU (and EEA).

The ICO has recommended that businesses work with the EU and EEA organisations who transfer personal data to them during this period to put in place alternative transfer mechanisms to ensure that the free flow of personal data is uninterrupted.

Information Commissioner Elizabeth Denham has said the ICO will provide guidance on their website to "reflect the extended provisions and ensure businesses know what happens next". 

TikTok faces lawsuit for violating children's data privacy law in the UK

TikTok, a popular video sharing app, is facing a fresh legal challenge in the UK for violating children's privacy law. 

The lawsuit is being brought by a 12-year old girl in the UK with the support of England's children's commissioner Anne Longfield. The children's commissioner is hoping that the court will order TikTok to delete the child's data, as well as create stronger protections for users aged under 16. 

A preliminary hearing has already been held to grant anonymity to the child.

Institute and Faculty of Actuaries warns of cyber risk threat to pensions schemes  

The Institute and Faculty of Actuaries (IFoA) has warned of the "significant threat" that cyber risks pose to pensions schemes, advising trustees to assess their "personal cyber hygiene" to mitigate the risk of cyber attacks.

The IFoA warned that cyber risks could cripple administration, breach confidentiality of pension schemes and defraud employers.

Trustees should assess their passwords, ensure adequate virus and anti-malware protections are in place, assess their email security monitoring and consider whether the third-party has sufficient financial resources to deal with costs in case a cyber attack does occur. 

High Court rules on use of thematic warrants for equipment interference

The High Court has ruled that it was unlawful for GCHQ and MI5 to use thematic warrants issued under Section 5 of the Intelligence Services Act for equipment interference. 

Privacy International, a UK-based charity, has been challenging the legality of these warrants for the past 5 years. 

All targets for equipment interference (otherwise known as hacking) will now have to be scrutinised by a secretary of state, rather than being left to the discretion of intelligence agencies. 

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile
Dr. Nathalie Moreno

Dr. Nathalie Moreno

Partner, Commercial and Data Protection

View profile