Day: July 7, 2019

[et_pb_section fb_built=”1″ fullwidth=”on” custom_padding_last_edited=”on|desktop” admin_label=”Section” _builder_version=”3.0.99″ background_color=”#ffffff” custom_padding=”|||” custom_padding_tablet=”50px|0|50px|0″ transparent_background=”off” padding_mobile=”off” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” global_module=”136″][et_pb_fullwidth_header title=”Employment Law News” admin_label=”Fullwidth Header” _builder_version=”3.21.1″ title_font=”||||||||” subhead_font=”||||||||” background_color=”rgba(255, 255, 255, 0)” background_image=”http://davidk423.sg-host.com/wp-content/uploads/2017/09/bdbf_final-stages-1-4-1.jpg” button_one_text_size__hover_enabled=”off” button_one_text_size__hover=”null” button_two_text_size__hover_enabled=”off” button_two_text_size__hover=”null” button_one_text_color__hover_enabled=”off” button_one_text_color__hover=”null” button_two_text_color__hover_enabled=”off” button_two_text_color__hover=”null” button_one_border_width__hover_enabled=”off” button_one_border_width__hover=”null” button_two_border_width__hover_enabled=”off” button_two_border_width__hover=”null” button_one_border_color__hover_enabled=”off” button_one_border_color__hover=”null” button_two_border_color__hover_enabled=”off” button_two_border_color__hover=”null” button_one_border_radius__hover_enabled=”off” button_one_border_radius__hover=”null” button_two_border_radius__hover_enabled=”off” button_two_border_radius__hover=”null” button_one_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover=”null” button_two_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover=”null” button_one_bg_color__hover_enabled=”off” button_one_bg_color__hover=”null” button_two_bg_color__hover_enabled=”off” button_two_bg_color__hover=”null”][/et_pb_fullwidth_header][/et_pb_section][et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.22.3″][et_pb_row admin_label=”row” _builder_version=”3.22.3″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”3_4″ _builder_version=”3.0.47″][et_pb_text admin_label=”Text” _builder_version=”3.23.3″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

Expected and Unexpected Examples of GDPR Enforcement in Action

On 25 May 2018, one of the most highly anticipated laws of our time came into force. The General Data Protection Regulation (GDPR) has celebrated its first birthday. We are now all used to clicking on OK to consent notifications on every website we go to. Although these can be frustrating, following the Cambridge Analytica scandal, which opened people’s eyes to data harvesting by corporations, it feels good to have control over how our personal data is used.

Twelve months on, this article examines how the GDPR has worked, using two examples – one that was expected and another that is a little left-field.

Big tech issued fines for GDPR breaches

The harsh fines which can be levied for GDPR breaches are well-known. Non-compliance risks a fine of up to €20 million or 4 per cent of an organisation’s global turnover.

Technology companies have been the first to be hit with fines. In January 2019, Google was fined €50 million (£44 million) by the French data protection authority CNIL . Two NGOs, None Of Your Business (NOYB) and La Quadrature du Net (LQDN), accused Google of “not having a valid legal basis to process the personal data of users of its services, particularly for ads personalization purposes”. The CNIL stated that Google had failed in its transparency obligations to explain exactly how it uses people’s data. In addition, the CNIL said that the users’ consent with the processing of their data for advertisement personalisation is not obtained validly.

“First, the restricted committee observes that the users’ consent is not sufficiently informed. The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent.”

“Then, the restricted committee observes that the collected consent is neither ‘specific’ nor ‘unambiguous’.”

Also, Google had not made easily accessible guidance on matters such as the reasons for data processing, and the length of time data is stored by the company, as required under the regulations.

In November 2018, A German chat site was fined €20,000 (£17,809) following a major data breach. Knuddels.de suffered a breach that saw 330,000 users’ information, such as email addresses and passwords placed on Mega.nz and Pastebin.com.

LfDI Baden-Württemberg, the regional data protection authority stated: “By storing the passwords in clear text, the company knowingly violated its duty to ensure data security in the processing of personal data in accordance with GDPR Article 32(1)(a).”

It is interesting to note that the privacy watchdog commented on the excellent cooperation and full transparency of Knuddels.de during the investigation. It was also noted that post-breach, enhanced security measures had been put in place. This seems to have resulted in a smaller fine than may have been imposed had the company behaved less favourably.

Verdict – Expected

Big tech was always going to be at the forefront of GDPR breaches simply by virtue of the fact that they handle so much data. However, other organisations have also been hit with fines. For example, the Central Hospital of Barreiro Montijo in Portugal was fined €400,000 after staff used fake profiles to illegally access patient data.

Apple, Amazon, Netflix, and Spotify are currently being investigated by the Austrian privacy regulator for non-compliance with Article 15 of the GDPR. So expect more eye-watering fines to be issued in the near future.

Prince Harry wins a privacy battle against Splash News and Pictures on GDPR grounds

The Duke of Sussex (aka Prince Harry) won a substantial claim against photography agency Splash News and Pictures after they used a helicopter to take pictures inside the home rented by him and his wife. Photographs published by various news outlets in both print and online on 11 January 2019 were said to have “very seriously undermined” the couple’s security.

The Duke of Sussex’s legal team argued the media outlet’s actions caused a breach of the couple’s right to privacy according to Art. 7 and 8 of the European Convention on Human Rights (ECHR) as well as a breach of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA).

Article 5 of the GDPR requires all data controllers and processors to handle personal data (such as names, pictures and stories relating to them) fairly and in a transparent manner while also using it for a legitimate purpose.

Verdict – Not expected but hugely welcome to celebrities and royalty

Ever since the tragic death of Princess Diana, celebrities and royalty have fought hard to control their right to privacy. The GDPR appears to have provided them with a powerful weapon to conduct that battle. When obtaining pictures or footage of a person, the data controller needs a reason to use them. This can be in the form of consent (for example, the person in question was attending a pre-arranged movie premiere or charity function where press photographs are permitted). If no consent was given, which is the case with most paparazzi photos and footage, the controller must prove they have a legitimate interest, or it is in the public interest to use the material. In the case above, the way the photos were collected would make it very difficult to successfully argue that the media organisation’s legitimate interest or the interest of the public outweighed the right to a person being able to enjoy a level of privacy in their own property.

Final words

What all these examples show is that regulators across Europe are prepared to act decisively to enforce GDPR principles. This means organisations cannot afford to ignore continuous compliance monitoring. Data maps must be kept current to ensure that if a breach occurs or a Subject Access Request is made, the location of affected data can be swiftly identified. It is also imperative to regularly review whether your organisation’s data processing activities mean a Data Protection Officer should be appointed, as provided for in Article 37. And finally, GDPR training and communication should be rolled out across all teams regularly.

If you have any questions regarding employment law and/or GDPR matters, please do not hesitate to call the BDBF team of employment lawyers on 020 3828 0350.

BDBF is a leading employment law firm in the City of London.

[/et_pb_text][/et_pb_column][et_pb_column type=”1_4″ _builder_version=”3.0.47″][et_pb_sidebar orientation=”right” area=”sidebar-1″ admin_label=”Sidebar” _builder_version=”3.0.74″ remove_border=”off”] [/et_pb_sidebar][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.22.3″][et_pb_row admin_label=”row” _builder_version=”3.22.3″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][/et_pb_row][/et_pb_section]

London’s Tech Week Showcases Why UK Technology is Surging Ahead

According to the FT, while the UK is being buffeted by Brexit headwinds, the tech sector is now growing at one and a half times the rate of the wider economy. So significant is this growth that the UK is now considered the unicorn capital of Europe, having produced 13 firms valued at more than $1bn (£784 million) since 2018, taking its total to 72.

London Tech Week, celebrated last month, has shown why the UK is a world-class technology innovation hub at the forefront at the so-called fourth industrial revolution. The event has, in particular, focused on a number of key specialisms, including connecting global markets, cybersecurity, digital transformation, innovation, people and skills, social, and start-up scaleup.

For those who missed London Tech week but are still keen to have a glimpse of the future, the ‘AI: More Than Human review’ exhibition at the Barbican, which is running until the end of August 2019 is a great place to start. The experience is showcasing some of the very latest AI projects including Deepmind by Alphabet (the parent company of Google), Massachusetts Institute of Technology (MIT) and artists such as Mario Klingemann and Massive Attack. One particularly enlightening and thought-provoking exhibit by Joy Buolamwini is designed to show the in-built racial and gender bias within face recognition technology.

In this article, we will take a look at some of the most innovative tech businesses which we believe have the potential to be transformative, and dare we say, ‘disruptive’. In truth, there are so many innovative tech companies covering every conceivable sector and specialism, it is almost impossible to narrow these down; however, we recommend watching:

The Small Robot Company– Far from being toys, this agri-tech firm is trying to revolutionise farming by using small robots to undertake many of the tasks required in the growth of crops. According to their website, their robots will care for each plant individually, feeding and spraying automatically when needed, and providing nutrients and support. Their point of difference is that by providing bespoke care for each plant, not only will the yield be increased, but costs will be lowered by cutting wastage. Core to their offering is the ability for robots to collect data and analyse it using a ‘neural network’ which at present allows them to “tell wheat from weeds, and locate a plant to 2cm”. They are even proposing a Farming as a Service (FaaS) model, whereby farmers simply pay a set fee per month, and the company will manage all aspects of robot maintenance and replacement. They still have some way to go, having built three prototypes, but they have secured 20 initial clients, including the Natural Trust. A weeding robot is expected to commence trials in October 2019.
Moonbug– This UK / US company is tapping into the market of digital content for pre-schoolers. As any parent will attest to, it is almost impossible to manage the content children now interact with, in the forms of online videos and video games. Moonbug’s intention is to ‘inspire and engage’ children through storytelling; teaching them healthy values, building vocabulary, counting skills, emotional development, how to be a friend, and management of emotions. The company was only founded in 2018, but they have robust ambitions to revolutionise the children’s entertainment sector, in a manner which is safe but beneficial.
Darktrace– Darktrace is blending AI with cybersecurity, to detect cyber threats as they emerge, rather than relying on a database of known risks. They say they have modelled their AI technology on how the human immune system works, by learning what is ‘normal’ within the environment and therefore noticing threats which may otherwise go unnoticed. Their technology works on corporate networks and cloud-based environments. Given the rapid increase in crippling cyberattacks in recent years, and the known threat from cybercriminals and state actors, we believe Darktrace is on a rapidly upward trajectory. So much so, it is already worth £1.3bn after only five years in operation.
Improbable– Improbable is a $2bn UK computer gaming technology company. Their technology, SpatialOS, allows real-time computer game companies to quickly develop highly detailed virtual worlds, which can then be displayed using games consoles and computers.
Birdie– With the well-established challenges of caring for an ageing population, Birdie aims to improve the standard of care and safety for service users whether looked after by agencies and/or families. Birdie uses a series of internet-connected sensors placed around the home of the care service user which will detect falls and behaviour such as wandering – immediately alerting their carer. Their solution also automatically assesses integrated care report and sensor data, using AI to identify patterns of deterioration – automatically informing those who need to know. By bringing together the Internet of Things (IoT) with data analytics, we believe Birdie may have a winning formula.

Final words

While Brexit continues to pose an ongoing challenge to UK business, it is refreshing to see that by focusing on continued innovation and creating the optimal conditions for this to occur, the UK remains a pivotal player in the world of technology. Given the talent of our best and brightest minds, we have every reason to believe that our tech firms will continue to help solve some of the world’s most pressing issues, including cybercrime and global warming, leading to further growth and success.

BDBF are employment law specialists.

Contact us on 020 3828 0350 for employment law advice.