May’s news is centred around immigration matters that have arisen recently as they relate to employment law, the government’s response to the ‘Sexism in the City’ report (which is actually quite an interesting read), and some updates from the ICO and EU parliament about how we should be dealing with data in the UK, and the penalties and fines if you don’t get it right.
- Immigration: Food delivery companies to introduce Right to Work checks for substitute drivers
- Immigration: CPS publishes report on reducing migration to the UK
- Immigration: Number of Home Office-approved sponsor employers, by visa route, as at 13 May 2024
- Sex Discrimination: Responses published to ‘Sexism in the City’ Report
- Data Protection: New detailed guidance from the ICO on fines and penalties
- Data Protection: EU Parliament submits written evidence in Lords’ UK-EU data adequacy inquiry
Immigration: Food delivery companies to introduce Right to Work checks for substitute drivers
The Home Office has announced that following discussions with the government, Deliveroo, Just Eat and Uber Eats have confirmed their intentions to take steps to prevent exploitation of account sharing by their drivers. All three companies have confirmed their intention to roll out new processes which will enable them to check whether substitute drivers have a legal right to work in the UK. Deliveroo has already started this process, beginning right to work checks for substitute drivers as part of the registration process earlier this month.
Immigration: CPS publishes report on reducing migration to the UK
The Centre for Policy Studies (CPS) has published a report, written by former Immigration Minister Robert Jenrick MP, former minister Neil O’Brien MP, and CPS Research Director Karl Williams, entitled ‘Taking back control’ which argues that recent immigration to the UK has placed pressure on housing, public services and infrastructure while failing to deliver on the economic benefits which its advocates have promised. The report sets out over 30 recommendations which the authors believe will reduce immigration, including:
- retiring the Shortage Occupation List altogether, rather than replacing it with an Immigration Salary List
- raising the minimum hourly wage in the care sector by 20–40p and setting the salary threshold for health and care visas above the National Living Wage
- creating an annual cap on each individual visa route, but creating time-limited exceptions to visa limits for NHS workers, until the NHS Long Term Workforce Plan ramps up.
Immigration: Number of Home Office-approved sponsor employers, by visa route, as at 13 May 2024
The below data shows the number of Home Office-approved employer sponsors, according to visa route, as listed on the Home Office’s register of licensed sponsors on the specified date.
As at 13 May 2024, Skilled Worker sponsors account for the majority of employers (over 84.23%). 8.57% of sponsors have a Global Business Mobility-Senior or Specialist Worker licence, and the remaining 13 work routes account for the remaining 7.2%.
Sex Discrimination: Responses published to ‘Sexism in the City’ Report
The Treasury Committee has published the responses by HM Treasury, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) to its Sexism in the City inquiry report. One reform put forward in the report was a total ban on the use of non-disclosure agreements (NDAs) in all harassment cases. In its response, the government highlights action it has taken in preventing the use of NDAs in other sectors and says an NDA would ‘most likely’ be unenforceable when related to reporting a crime to the police.
Data Protection: New detailed guidance from the ICO on fines and penalties
In March 2024, the Information Commissioner’s Office (ICO) published new guidance (the Guidance) setting out how it will determine penalty notices and calculate fines under the UK General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the UK data protection laws). The Guidance replaces the sections about penalty notices in the ICO Regulatory Action Policy published in November 2018 (the RA Policy) and is significantly more detailed. The Guidance applies to all new cases regarding infringements of the UK data protection laws and to existing cases in which no notice of intent to impose a fine has been issued.
The Guidance is divided into three sections:
- statutory background
- circumstances in which the ICO would consider a penalty notice appropriate
- calculation of the appropriate amount of the fine
The Guidance also contains a useful table at Annex 1 setting out the provisions of the UK data protection laws for which the ICO can impose a fine.
When assessing whether to issue a penalty notice, the ICO will consider: (i) the seriousness of the infringement; (ii) relevant aggravating or mitigating factors; and (iii) the effectiveness, proportionality and dissuasiveness of a penalty.
The ICO will take the following five-step approach when calculating any fine:
1) Assessment of the seriousness of the infringement
2) Accounting for turnover (where the controller or processor is part of an undertaking)
3) Calculation of the ‘starting point’ having regard to the seriousness of the infringement and, where relevant, the turnover of the undertaking
4) Adjustment to take into account any aggravating or mitigating factors
5) Assessment of whether the fine is effective, proportionate and dissuasive.
Data Protection: EU Parliament submits written evidence in Lords’ UK-EU data adequacy inquiry
The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) has submitted written evidence to the House of Lords European Affairs Committee (EAC)’s inquiry into data adequacy and its implications for the UK-EU relationship. The LIBE Committee starts its submission by making remarks on the Data Protection and Digital Information Bill (DPDIB) currently reviewed by the UK Parliament, including the definition of ‘singling out‘ and ‘pseudonymised data‘. The LIBE Committee then provides responses to the questions asked by the Lords Committee.
The LIBE Committee expresses reserves in relation to changes to the role of the ICO as set out by the DPDIB, deeming that they ‘constitute a significant departure from the EU data protection supervision model, where the independence of the national supervision authority is an important cornerstone’. The LIBE Committee then goes on to point out that the topic of onward transfers and ‘Henry VIII‘ clauses set out in the DPIB may be factors influencing the next European Commission when deciding whether to renew the adequacy decisions for the UK in June 2025. It is also concerned that the provisions of the DPDIB permitting automated decision making and large database of personal data to be used for AI training and development without informing the data subjects or seeking their consent would be contrary to Article 22 of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR).
The LIBE Committee further shares its concerns that the UK adequacy status could lead to the bypassing of the EU rules on international transfers to countries or international organisations not deemed adequate under EU law, and that the UK could become a transit country for data that cannot be sent from the EU/EEA to ‘inadequate’ third countries.
Further Information:
If you would like any additional information, please contact Anne-Marie Pavitt or Sophie Banks on: hello@dixcartuk.com