In this episode Jonathan Armstrong and Tom Fox look back at the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law that was in place before GDPR went live.
The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights.
Some of the issues and highlights are:
- The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning.
- The settlement with the company left open the possibility of criminal charges against individuals.
- How wide is the jurisdiction of the ICO? This case tested the limits.
- Always remember data subjects have rights.
- What are the key takeaways on the case?
- A vigorous defense of a civil action can lead to higher regulatory fines.
- What does a corporate regime change mean for regulatory enforcement?
For a more detailed analysis, see the Cordery Client alert, here.
You can listen to the podcast by clicking on the link Episode 21
Also have a look at GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
For more information please contact Jonathan Armstrong or André Bywater who are London-based lawyers with Cordery where their focus is on compliance issues
Office: +44 (0)207 075 1784
Office: +44 (0)207 075 1785