Enforced subject access requests now a criminal offence in UK

With effect from 10 March 2015, carrying out ‘back-door’ criminal record checks on potential employees by requiring them to make a subject access request (SAR) for information related to their criminal past has become a criminal offence. This will impact employers or service providers who regularly require individuals to make a SAR to the Disclosure and Barring Service (DBS) for information that they are otherwise not legally entitled to obtain through DBS checks.

New general data protection regulation threaten European health research

The medical industry across the EU has expressed concern that the wording of the new regulation will require specific consent to be obtained from each donor every time new research is carried out on data or tissue donated for medical research. Medical professionals stress the impact such onerous consent requirements could have on European health research and are campaigning to remove such administrative burdens.

Volkswagen rejects cloud computing

Car manufacturer Volkswagen has rejected the use of cloud computing after highlighting concerns around its security. Volkswagen has chosen in favour of internal hosting due to the stringent regulations in Germany and a desire to ensure security of its data. The car manufacturer produces data at every stage of the supply chain and uses this to underpin its strategy of connecting cars with technology.

Netherlands and US sign data protection agreement

On 9 March, the Netherlands’ Data Protection Authority and the US Federal Trade Commission signed a memorandum of understanding “to enhance information sharing and enforcement cooperation on privacyrelated matters”. This is a move towards greater consumer privacy and facilitates cross-border enforcement between the agencies to take action against those who violate privacy laws. This follows the signing of similar documents with the UK and Ireland’s Data Protection Authorities.

Qatar prohibits unsolicited marketing by email

Following cybercrime legislation passed in 2014, the Qatari cabinet has endorsed a draft decision to protect privacy of personal data. The decision extends the existing legislation to cover data processed electronically, or obtained in advance of electronic processing. The legislation also prohibits the sending of direct marketing by electronic communication without personal approval from the recipient.

Decision imminent on controversial Paraguayan online data privacy bill

This week the Paraguayan House of Representatives will make a decision on a mandatory state data retention proposal. The much debated bill would require Paraguayan telecoms providers to store information about their customers’ internet use for one year. This information will also be made available to law enforcement agencies: the justification being the prevention of crime. Campaigners argue that this would be a breach of civil liberties and the online group Pyrawebs has been set up to protest against such intrusion.