Latest legal and regulatory news: 20th November 2020

Latest legal and regulatory news: 20th November 2020

In this issue:

Risk & Compliance

Commercial

Corporate

Information Law & TMT

Employment

Additional news—daily and weekly news alerts

Dates for your diary

Useful information

In-house

LexTalk®In-house: a Lexis®PSL community  


 

Risk & Compliance

Data protection

The Information Commissioner’s Office (ICO) has issued a statement in response to new recommendations from the European Data Protection Board (EDPB) on international transfers of personal data following the Court of Justice’s decision in Schrems II, Case C-311/18 (see LNB News 11/11/2020 75). The ICO says it is reviewing the recommendations published by the EDPB. See: LNB News 16/11/2020 24. In the meantime, we’ve updated all the tools and guidance in our International transfers of personal data subtopic to reflect the EDPB recommendations.

The Departments for Digital, Culture, Media & Sport and Business, Energy & Industrial Strategy (BEIS), along with the Office for Civil Society and the ICO have published updated guidance on data protection and data flows. See: LNB News 16/11/2020 108.

The ICO is allowing organisations less latitude for pandemic-related reasons, in relation to their compliance with data protection rules, judging by updates to two of the ICO’s guidance documents. See News Analysis: ICO tightens approach to data protection enforcement during pandemic.

The ICO has fined Ticketmaster UK Ltd (Ticketmaster) £1.25m for its failure to protect customers’ payment details. The ICO found that Ticketmaster did not put appropriate security measures in place to prevent cyber-attacks on a chat-bot which was installed on its online payment page, in breach of the GDPR. As a result, the payment cards of 60,000 Barclays Bank customers had been subject to known fraud, and 6,000 Monzo Bank customers had to have bank cards replaced after suspected fraudulent use. See: LNB News 13/11/2020 30 and News Analysis: Ticketmaster plans to challenge UK regulator’s GDPR fine

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.