Category Data Protection

BEIS publishes Green Paper on modernising consumer markets

The Department for Business, Energy and Industrial Strategy is consulting on proposals which, among other issues, seek to to improve the consumer experience in regulated markets for utilities, telecommunications and financial services and to ensure consumers buying and selling online benefit from new technology and business models, and have appropriate protection for their personal data. […]

FCA and PRA publish business plans

The FCA and the PRA have both published their business plans for 2018/2019. The FCA’s business plan shines a spotlight on consumer protection, including in relation to pension products and high-cost credit, as an area of concern for the forthcoming year, as well as ongoing programmes such as Brexit, and firms’ culture and governance (including […]

Complaints Commissioner concerned about information sharing between FOS and FCA

In a recent report the Complaints Commissioner expressed concern about the absence of published information about how and in what circumstances information about live ombudsman cases may be shared between the FOS and the FCA. The complaint alleged that the FCA illegally influenced the FOS in its handling of complaints against a firm represented by […]

FCA and ICO update on GDPR

An update from FCA and the ICO confirms FCA’s view that firms can comply with both the GDPR and its rules. The update notes that GDPR is a board level responsibility, and firms must produce evidence to show what they have done to comply with it. FCA also notes that, although the ICO will regulate […]

The UK’s developing cyber insurance market

We have written an article that assesses the UK’s developing cyber insurance market in the context of the changing regulatory landscape and looks at the possible benefits and risks associated with the proposal to share data breach information between insurers and the ICO.

GDPR compliance: the final countdown

We have written an article on the final countdown to GDPR compliance.

ICO fines 4 firms for nuisance calls and spam texts

The ICO has fined four firms a total of £600,000: Barrington Claims Limited had made over 15 million automated calls about PPI; Newday Limited used other firms to send 44.7 million spam emails to promote its financial products to people who had subscribed to websites the other firms operated; Goody Market UK Limited, operator of […]

FCA publishes distributed ledger technology feedback statement

Following the publication of its discussion paper regarding the risks and opportunities, and characteristics of distributed ledger technology (DLT) in April 2017, the FCA’s feedback statement FS17/4 sets out responses received and the FCA’s next steps. The responses related to the following issues: operational risk, including outsourcing and network security; digital currency, including digital currency […]

LMA publishes London Market Core Uses Information Notice in light of GDPR

The Lloyd’s Market Association (LMA), along with the International Underwriting Association of London, the London & International Insurance Brokers’ Association and the British Insurance Brokers’ Association, has published a London Insurance Market Core Uses Information Notice, which takes into account GDPR requirements. The Notice has been designed to assist a market participant and to help data […]

ENISA publishes recommendations on cyber insurance

The European Union Agency for Network and Information Security (ENISA) has published a report on the commonality of risk assessment language in cyber insurance. ENISA comments on the growth of the cyber insurance market and its anticipated further expansion as a result of the General Data Protection Regulation and the Directive on Network and Information […]

ICO launches new advice service to help small organisations with GDPR preparations

The Information Commissioner’s Office (ICO) has launched an advice line in order to help small organisations prepare for compliance with the EU General Data Protection Regulation (GDPR),  which is due to come into force in May 2018. The phone service is aimed at people running small businesses or charities and recognises the particular problems they face […]

FCA report – lessons learned from its regulatory sandbox

On 20 October 2017, the FCA published a report on lessons learned from its regulatory sandbox. As a reminder, the regulatory sandbox allows firms to test innovative products, services and business models in a live market environment, while ensuring that appropriate safeguards are in place. The report contains the FCA’s reflections on how the sandbox […]

EBA: Overview of PSD2 national transposition projects and new reports

The EBA recently published a table which includes key questions around the Payment Services Directive 2 (PSD2) transposition activities and dates of the different EEA countries. In addition, the EBA has announced the release of two new publications in its ongoing series of working group papers, dealing with PSD2 and distributed ledger technology (DLT) driven opportunities for new […]

ABI comments on the impact of the GDPR on innovation in insurance

On 12 October 2017, the Association of British Insurers (ABI) published a blog on the impact of the GDPR on innovation in insurance. The ABI discusses a recent study on “Harnessing Innovation in European Insurance” undertaken by an independent research company, PAC, and BAE Systems. The study reports that “only one third of European insurers believe themselves to […]

EIOPA speaks on future disruption to the insurance industry

Dr. Manuela Zweimüller, Head of Policy Department at EIOPA, has delivered a speech on what will the future hold? The European insurance industry in times of major disruption. The speech highlights challenges in respect of InsurTech, Brexit and Regulatory stability. EIOPA considers that the insurance industry needs to reinvent itself in respect of InsurTech and […]

ICO fines bank for spam marketing

The ICO has fined Vanquis Bank £75,000 for sending 870,000 texts and 620,000 emails promoting its credit cards to recipients who had not consented to receive them. It had used marketing lists from other organisations and relied on indirect consent rather than checking the right levels of consent had been obtained. ICO found the consent […]

Insurance Europe publishes GDPR Data breach notification template

Insurance Europe has published a webpage on cyber insurance and a template for breach notifications under GDPR.

Government publishes DP Bill statement of intent

We have written an article on the Government’s statement of intent for the Data Protection Bill.

ICO fines loan firm for nuisance texts

The Information Commissioner’s Office has fined Provident Personal Credit Ltd £80,000 for sending nearly 1 million unsolicited texts promoting personal loans. The company used third party affiliates to send the communications, to which the recipients had not consented.

ESMA responds on Fintech

ESMA has responded to the Commission’s consultation on Fintech. It sees Fintech as a positive evolution so long as business models continue to aim to improve the customer experience and financial inclusion. It identifies some concerns that it thinks need to be addressed, including: the risks (from a market integrity and investor protection standpoint) and costs […]

ICO publishes Information Rights Strategic Plan 2017 – 2021

The Information Commissioner’s Office (ICO) recently published its information rights strategic plan 2017 – 2021. The strategic plan sets out the ICO’s mission to increase the trust that the public has in government, public bodies and the private sector; including trust in transparency, in the digital economy and in digital public service delivery. It also […]

The European Data Protection Supervisor publishes 2016 Annual Report

Giovanni Buttarelli, the European Data Protection Supervisor (EDPS) presented the EDPS Annual Report 2016 to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs on 4 May 2017. By way of reminder, the EDPS is the EU’s independent data protection authority, tasked with ensuring that the institutions and bodies of the EU respect […]

meps call for acceleration of eu fintech development

Economic and monetary affairs committee MEPs want the EU to accelerate the development of financial services enabled by new technologies (FinTech). Their key priorities are: Cybersecurity and data protection: the need for end-to-end security across the whole financial services value chain and to create more awareness among the consumers regarding the value of their personal […]

ICO fines financial firm for sending unsolicited texts

The ICO has fined Monevo Limited, a finance brokerage firm, £40,000 for sending unsolicited marketing texts without proper consent. Between April 2016 and June 2016, the company sent 44,172 texts encouraging people to apply for loans and 130 complaints were made, prompting the ICO investigation. Under the Privacy and Electronic Communications (EC Directive) Regulations 2003, […]

The Government calls for views on GDPR derogations

The UK Government has launched a Call for Views on the derogations (exemptions) from the EU General Data Protection Regulation (GDPR), which comes into force on 25 May 2018. Although there is limited scope for flexibility, the GDPR does allow member states to exercise their discretion over how certain provisions of the GDPR will apply […]

Draft GDPR Guidance receives a significant response

The Information Commissioner’s Office (ICO) recently announced that it has received a large number of responses to its consultation on the draft  GDPR Consent guidance.   The GDPR Consent guidance sets down the ICO’s recommended approach to compliance and what counts as valid consent. It also provides practical help to decide when to rely on consent […]

FCA speaks on the next phase of Project Innovate

On 10 April 2017, Christopher Woolard, the FCA’s Executive Director of Strategy and Competition delivered a speech at the Innovate Finance Global Summit in London. The speech considers the work of the FCA’s Project Innovate to date including the Regulatory Sandbox initiative. Mr Woolard explained the FCA’s commitment to supporting innovation and its desire for […]

FCA publishes discussion paper on distributed ledger technology

The FCA has published a discussion paper on distributed ledger technology (DLT). The discussion paper describes DLT and acknowledges blockchain as a type of DLT. The FCA invites a discussion on two sets of issues: What new risks and opportunities does DLT present to the FCA’s statutory objectives of market integrity, consumer protection and competition? Can DLT […]

HMT issues regulatory innovation plan

The government’s vision is for UK financial services to be the most competitive and innovative in the world, supplementing existing services with greater choice and value for consumers. The innovation plan covers how financial services regulators are adapting and encouraging new technologies and disruptive business models, and better utilising new technologies to reduce regulatory burdens […]

FCA to tackle contactless card fraud

John Griffith-Jones, Chairman of FCA and Payment Systems Regulator, has written to Rt Hon. Andrew Tyrie MP, Chairman of the Treasury Committee, about contactless card fraud. In 2015 there was £2.5m of reported contactless fraud, out of £7.75bn of contactless transactions. In his letter, Griffith-Jones highlights the key risk as merchants who process payments ‘offline’ (ie batch […]

“Same business, same risks, same rules” – ECB comments on regulation of Fintech

In a statement made at an ECB Fintech Workshop, Sabine Lautenschläger (Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the ECB) told the audience how the ECB sees some of the following as risks: New players make the market more competitive. And that could squeeze profits and force […]

ICO fines credit broker for unsolicited texts

The ICO has fined a credit broker £20,000 for sending unsolicited communications in breach of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. Munee Hut markets its services partly through affiliates that send marketing texts that direct recipients to Munee Hut’s website.  Between mid-2015 and spring 2016, 885 complaints were made about receipt […]

Treasury speaks on Fintech

Simon Kirby, Economic Secretary to the Treasury, spoke at the LSE Global Fintech Investor Forum where he emphasised UK dominance in Fintech innovation. Mr Kirby gave three examples of what others envy in the British system: FCA’s regulatory sandbox, the Bank of England’s Fintech Accelerator and the Fintech Delivery Panel. He also mentioned the Open […]

ICO and FCA hold big data use forum

The Information Commissioner’s Office (ICO) and FCA have published a summary of their forum on the use of Big Data in retail general insurance. The forum, held on 16 January 2017, was to engage with the insurance industry following stakeholder concerns raised as part of FCA’s call for input, on which it published a feedback statement […]

ICO fines credit broker for unsolicited texts

The ICO has fined Digitonomy Ltd £120,000 for sending millions of marketing texts without proper consent. The company is an FCA-authorised credit broker, which generates leads for its business through affiliates sending marketing texts directing readers to websites offering loans. Between April 2015 and February 2016, the company instigated the sending of nearly 6 million […]

Government publishes Brexit White Paper

The Government has published its White Paper on building a new relationship with the EU after Brexit. The paper looks at the basis on which the Government wants to address the 12 principles Theresa May set out on 17 January. However, the Government says it has respected Parliament’s wish that it does not publish detail […]

Brexit Committee calls for Parliamentary vote on Brexit deal

The first report of the committee on exiting the EU calls for the Government to publish its Brexit plan by mid-February, and says that plan should set out the Government’s position on membership of the single market and should commit that Parliament will be able to vote on the final Treaty. Among the priorities the […]

House of Commons looks at legislating for Brexit

The House of Commons Library has published a report looking at how many EU laws are directly applicable in the UK (around 5,000), and will therefore cease to apply in the UK once the European Communities Act 1972 is repealed, unless other provision is made for them. The Government says the so called “Great Repeal […]

ICO fines RSA for DP breach

The Information Commissioner’s Office (ICO) has issued Royal & Sun Alliance Insurance PLC (RSA) with a monetary penalty notice (£150,000) because of a serious breach of the seventh principle (the requirement to keep data secure) of the Data Protection Act 1998 by RSA. Between 18 May 2015 and 30 July 2015, a portable Network Attached […]

ICO revises Privacy Notices code of Practice

The ICO has recently issued a revised Privacy Notices Code of Practice, which we have reviewed in our recent article on the Code for the Privacy and Data Protection Journal.

ICO fines FS institution for breach of PECR

On 3 November, the ICO imposed a monetary penalty of £70,000 on Nouveau Finance Limited for marketing activities carried out on Nouveau’s behalf by a third party in contravention of the Privacy and Electronic Communications Regulations. Nouveau used a third party to send out 2.2 million unsolicited marketing texts to generate leads. This resulted in […]

UK confirms adoption of the GDPR

The UK Government has confirmed that the UK will adopt the GDPR . Secretary of State Karen Bradley MP stated: ‘We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be […]