For many, it has been a long held wisdom that the application of data protection law applies only to information which is held in recorded form. Those with prior experience of dealing with subject access requests know only too well that any complaints about a colleague or a customer should be made verbally and never in writing. It appeared then to be a natural extension of that reasoning that data protection law did not apply to any disclosures which were made verbally as opposed to in any written form, whether email, direct message or letter.
The UK-US “data bridge” came into force in October. It follows a period in which transferring data to the US was prohibited under the UK GDPR without a transfer mechanism in in place.
After years of debate, the UK Parliament has signed off on the Online Safety Bill ("the Bill"), marking a significant stride towards a safer online environment for children and increased accountability for tech companies. Technology Secretary Michelle Donelan celebrates the Bill as a means of securing the online safety of British society. This pivotal development has however not been devoid of controversy, particularly concerning privacy.
The “femtech” revolution has grown to encompass a wide range of technology-enabled and consumer-centric products and apps designed to enable better outcomes for female patients and consumers. One example is Flo, a women’s health app which invites its more than 100 million global users to enter daily – and personal - details about their menstrual cycles with a view to tracking their periods and fertility.
In July 2023, the European Commission confirmed that it had adopted an adequacy decision in respect of the EU-US Data Privacy Framework. The decision states that the Commission considers that the data protection safeguards which the Framework provides, are comparable to those provided by EU law.