Data protection and technology sourcing

Developments in technology, business practice and implementation require the technology sourcing practitioner to understand characteristics of the technology deployed, how data is used and transferred and the nature of the IT solution in the context of the sector in which it will operate. To explore the scope of further aspects of technology sourcing transactions, see:

•
Technology sourcing—IT outsourcing—overview
•
Technology sourcing—Cloud and technology sourcing—overview
•
Technology sourcing—Technology and service integration—overview
•
Technology sourcing—Financial services and technology sourcing—overview
•
Technology sourcing—Public sector technology sourcing—overview

Data protection applicability to technology sourcing arrangements

Data protection laws in both the EEA (the EU plus Iceland, Norway, and Liechtenstein) and UK seek to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly. To help ensure that, both EEA and UK data protection laws impose a large number of obligations on those ‘processing’ personal data and on controllers of such processing. ‘Processing’ is broadly defined to include doing most things with data, including storing, deleting, collecting, disclosing or using it.

One of the key protections under both EEA and UK

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest TMT News

TMT weekly highlights—21 November 2024

Welcome to this week’s edition of the TMT weekly highlights: a hand-picked summary of news analysis, updates and new content from across the technology, media and telecoms sectors. These highlights focus on key topics including new technologies, software, cloud computing, internet, outsourcing, music, film & television, publishing, defamation and telecoms.

ASA rulings—20 November 2024

The Advertising Standards Authority (ASA) has upheld a ruling on two paid-for Google ads for The Pure Gold Company, a gold and silver retail dealer. The ads were identified through the ASA's proactive monitoring as part of its wider work on unregulated investments. The ASA found the ads were misleading as they failed to illustrate the risks of gold investments. The ASA upheld the complaint.

DSIT outlines new online safety priorities for Ofcom implementation

The Department for Science, Innovation and Technology (DSIT) has published a Statement of Strategic Priorities (SSP) for Ofcom, the online safety regulator, as it prepares to enforce the Online Safety Act from Spring 2025. The SSP focuses on embedding safety by design, increasing platform transparency, and creating a resilient digital world. DSIT has also launched a study to explore the effects of social media on children's wellbeing, aiming to strengthen the evidence base for future policy decisions. The government has committed to refining the Act's implementation based on Ofcom's reports and input from online safety experts and campaigners.

UK payments regulator sees competitiveness objective introduced via the backdoor

MLex: Until now, the UK's payments regulator has avoided the additional scrutiny that a competitiveness and growth remit brings with it. Following a letter from the finance minister to the Payment Systems Regulator (PSR) on 14 November 2024, that appears to have changed. In executing its functions, the PSR must now have regard to the government's growth and competitiveness strategy. That is likely to prove a flashpoint for the fintech sector, which has been irked by the PSR over its handling of fraud reimbursement rules.