Privacy protection trouble is brewing. Will it reach you?

The European Union and its privacy protection laws may seem far away. But are they really? Earlier this year, the first case of General Data Protection Regulation (GDPR) enforcement hit North America. And some are wondering if more could be coming. The GDPR, which only became official in May, is now testing how far it can really reach. This fall, the UK’s Information Commissioner’s Office (ICO) launched legal action against a small Canadian company, AggregateIQ, a company that has no presence overseas. The ICO alleges that company was involved in data processing for supporters of the 2016 Brexit campaign and was tangled in the Cambridge Analytica scandal, as well. GDPR rules were broken as a result of this involvement, they say. What GDPR rules may have been ignored? Some of the provisions the ICO is focusing on include:

• Not processing data lawfully, fairly, or transparently.
• Not making clear the purposes of collection.
• Not limiting data collection to only what is necessary.

The ICO is ordering the company not to simply pay fines, but to completely end their data processing of any UK or EU citizens. If not, it could be subject to millions in fines. This case is mission critical for the ICO, a test of the GDPR’s scope and power. Will the law be strong enough to control companies not even on its shores? And there’s another twist in this story—Brexit. AggregateIQ has said it will appeal this legal action, but that appeal will take time. And as the case moves slowly through the legal system, Britain moves through its own Brexit process. It’s not immediately clear how the GDPR will emerge from Brexit. But another question remains: are US-based companies next? Experts advise them to watch this case closely. It’s believed AggregateIQ will likely challenge the case not only on its merits but also on its jurisdiction. Keep your customers and your company protected. Choose support from a professional partner like ClearStar. Want to know more? Connect today!

At ClearStar, we are committed to your success. An important part of your employment screening program involves compliance with various laws and regulations, which is why we are providing information regarding screening requirements in certain countries, region, etc. While we are happy to provide you with this information, it is your responsibility to comply with applicable laws and to understand how such information pertains to your employment screening program. The foregoing information is not offered as legal advice but is instead offered for informational purposes. ClearStar is not a law firm and does not offer legal advice and this communication does not form an attorney client relationship. The foregoing information is therefore not intended as a substitute for the legal advice of a lawyer knowledgeable of the user’s individual circumstances or to provide legal advice. ClearStar makes no assurances regarding the accuracy, completeness, or utility of the information contained in this publication. Legislative, regulatory and case law developments regularly impact on general research and this area is evolving rapidly. ClearStar expressly disclaim any warranties or responsibility or damages associated with or arising out of the information provided herein.