Facial recognition in school leads to Sweden’s first GDPR fine
The Swedish DPA has fined a municipality 200 000 SEK for using facial recognition technology to monitor the attendance of students in school. A school in northern Sweden conducted a pilot using facial recognition to keep track of students’ attendance in school. The test run was conducted in one school class for a limited period of time. The Swedish DPA concluded that the test violated several provisions of the GDPR. In Sweden public authorities can receive a maximum fine of 10 million SEK. This is the first fine issued by the Swedish DPA. The school processed sensitive biometric data unlawfully and failed to do an adequate impact assessment including seeking prior consultation with the Swedish DPA. The school based the processing on consent but the Swedish DPA considered that consent was not a valid legal basis given the clear imbalance between the data subject and the controller.
Proposed reforms to permitted development rights to support the deployment of 5G and extend mobile coverage
The UK government has launched a consultation seeking views on the principle of amending permitted development rights for operators with rights under the Electronic Communications Code to support deployment of 5G and extend mobile coverage, and the circumstances in which it would be appropriate to do so. The consultation also seeks views on whether it is appropriate to impose specific limitations, conditions and restrictions on any amendments to permitted development rights to mitigate the impact of any new development. The consultation ends on 4 November 2019.
SCL Trustee appears on BBC Radio 4’s Unreliable Evidence
During an episode of Unreliable Evidence, Clive Anderson and guests including Cynthia O’Donaghue, SCL Trustee, asked whether “the laws protecting our data are keeping up with technological change. Are layers of bureaucracy hampering high-tech development?”
HMCTS outlines progress to the Public Accounts Committee
HM Courts & Tribunals Service has issued a response to the Public Accounts Committee outlining the progress it has made against 15 milestones relating to its court transformation programme since January 2019. It also provides the key milestones which it plans to deliver by its next major programme checkpoint in May 2020.
Suppliers and resellers of illegal sports streaming services targeted in joint FACT and Premier League initiative
FACT investigators and UK law enforcement agencies have served Cease and Desist notices on individuals suspected of supplying illegal sports streaming content. The initiative was a collaboration between the Premier League and FACT aimed at preventing the illegal supply of sports streams in the UK and globally ahead of the 2019-20 football season. Whilst all the individuals visited were operating at a relatively low level, the initiative was aimed at preventing them from undertaking further criminal activity and deterring others from getting involved. The initiative follows a series of successful prosecutions by FACT working with the Premier League. In March 2019 three sellers of illegal streaming devices from a pirate streaming organisation were given a combined total of 17 years imprisonment for defrauding the Premier League, some of the longest sentences for piracy-related crimes.
More than £900,000 confiscated from cyber hacker
A hacker who carried out cyber-attacks on more than 100 companies worldwide has been ordered to pay back £922,978.14 of cryptocurrency. The order was made under the Proceeds of Crime Act 2002. The hacker was responsible for attacks on more than a hundred companies worldwide. He predominately used ‘phishing’ email scams to obtain the financial data of tens of thousands of customers and would then sell this personal data in different market places on the dark web. He would then convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts. He was also sentenced to over ten years in jail.
UK government announces changes to traffic data legislation
The Department for Transport has announced changes to traffic data legislation, with the aim of allowing greater access and increasing opportunities for artificial intelligence in traffic monitoring. This will increase scope for ‘the next generation of navigational apps’, allowing drivers to be warned of disruptions months in advance to reduce delays and pollution. Tech firms could soon get access to this data due to a review of legislation around Traffic Regulation Orders – the orders behind restrictions on the road network which allow for temporary roadworks or permanent changes to the road. Evidence suggests that opening up the data could also help with route planning systems for self-driving vehicles
European Commission launches dialogue between platforms and rights holders
The European Commission has issued a call for expression of interest to participate in the stakeholder dialogue on the application of Article 17 of the Directive on Copyright in the Digital Single Market on the use of protected content by online content-sharing service providers. The Commission will hold the first stakeholder meeting on 15 October in Brussels. The objective of the meeting is to gather and map existing practices for the use of copyright-protected content by online content-sharing service providers in cooperation with rights holders, as well as to gather user experiences to feed into new guidance. The deadline for applying is 18 September.