Last month, on 11 July 2023, the European Commission adopted a new pact with the US to streamline the legal transfer of personal data across the Atlantic.

The ‘EU-U.S. Data Privacy Framework,’ or DPF means the end of a period of legal precariousness around the export of EU citizens’ data by US companies. Since the previous deal was ruled unlawful in 2020, the process of transferring data has become increasingly complex and uncertain. In May, for example, Meta (which operates Facebook, Instagram, and WhatsApp) was given a record fine by the EU for not complying with the European framework.

Known as Privacy Shield, the previous agreement was – along with its predecessor, Safe Harbor – dismissed by a top EU court because of concerns over US agencies accessing EU users’ personal data. It was judged that US surveillance powers did not meet the EU’s required legal standard of data privacy. Compared with the EU, the US has more lenient privacy laws and, whilst American citizens are mostly protected from such surveillance, foreigners are not.

The new DPF agreement promises to strengthen data protection measures and align US practices more closely with the EU’s General Data Protection Regulation (GDPR). It pledges that only “necessary and proportionate data” will be collected. It also establishes a mechanism for legal redress for EU users if they suspect their privacy rights have been violated.

The President of the European Commission lauded the pact as “an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the US, and at the same time to reaffirm our shared values.” Similarly, the US Secretary of Commerce, Gina Raimondo, said: “Trans-Atlantic data flows underpin more than $1trn in cross-border trade and investment per year. The DPF will be a particularly valuable tool for small and medium-size businesses that wish to participate in the transatlantic economy.”

However, data privacy campaigners remain sceptical of any enhanced provision, arguing that there have been no significant changes in US surveillance laws since the previous agreement was dismissed. They have already vowed to object to it in court, meaning that there could be further challenges and uncertainty ahead.

The Information Commissioner’s Office (ICO) has warned of the risks of breaching data protection laws when using the carbon copy (CC) option to multiple email recipients.

The ICO recently issued a reprimand to an independent healthcare body in the UK for inappropriately sharing personal data via email. No personal information was shared in the body of the email, but the use of the CC group email option meant that all email addresses were visible to all recipients. In addition, they could infer certain information about other recipients due to their inclusion in the group email. As this might have been information that recipients would not have wished to have been shared, it constituted a breach of data protection law. John Edwards, UK Information Commissioner, explained: “Even if the content of an email is not sensitive or confidential, identifying people who have received it could reveal sensitive or confidential information about them.”

On investigation, the ICO concluded that the use of CC was inappropriate; the organisation therefore did not have sufficient guidelines in place to ensure that personal data would be secure in bulk email communications. “This type of data breach is all too common but is easily avoidable,” Edwards said, “Organisations must take responsibility for training their staff properly and for putting appropriate systems and policies in place to avoid such incidents.”

In this particular case, the use of blind carbon copy (BCC) would have avoided a data breach as it simply would not have disclosed the recipients’ email addresses. Alternatively, the use of a proper mailing process would have ensured there was no risk of data leakage – such as a mail merge (which sends an individual message out to each recipient) or an Electronic Direct Mail (EDM) platform.

Although this incident involved the medical history of individuals, which is clearly personal data, it serves to illustrate how easy it can be to inadvertently breach data protection. It is vital to have appropriate policies in place within your organisation to suit your handling of personal data and thereby prevent data breaches.

We are a certified Cyber Advisor with the government’s National Cyber Security Centre (NCSC) – please get in touch for a review of or discussion on your organisation’s data protection and cyber security, or to get your organisation certified to UK and global standards including Cyber Essentials, ISO, NIST, and more.

Adobe will discontinue Synced files for Creative Cloud for all personal users from 1 February 2024, and for business or enterprise users from 1 October 2024. Any new Creative Cloud users from 1 October 2023 will not have access to Synced files capability.

Adobe currently enables users to sync files saved on local devices to a cloud storage folder as part of Creative Cloud. This will be discontinued, but Creative Cloud Libraries, including in-application syncing will remain – such as Photoshop’s Cloud Documents and Lightroom’s Sync, which won’t be affected.

The discontinuation of the Synced files feature is likely the result of the increasing complexity and expense of providing it – fewer users rely on this via Creative Cloud in comparison to the usage of other popular cloud storage providers, such as Google Drive, Microsoft (OneDrive, SharePoint) or Dropbox.

How will this impact you?

If you use Creative Cloud Synced files for syncing and/or sharing, you’ll need to either move these to Creative Cloud Libraries or put alternative cloud storage in place for cross-device access and backup. Assets in your local folder won’t be copied to cloud storage after 1 February 2024. In addition, links or files that have been shared with other users will no longer be accessible from this date.

What action should you take?

All files will remain intact and under your control in your Creative Cloud Files folder, but before the discontinuation date you should sign in to your Adobe account on your local device to ensure that the latest versions of assets have been synced from the cloud to your device. Cloud-based copies of files will be removed permanently from 1 October 2024 for personal users.

You can find the contents of your Creative Cloud Files folder on your local device by navigating to:

• Windows: C:\Users\\Creative Cloud Files
• macOS: Mac HD/Users//Creative Cloud Files
• Online: assets.adobe.com/files

Microsoft is previewing a new version of Outlook for Windows, to replace both the Outlook desktop application and the built-in Mail application for Windows 10/11. The new version has a modern interface and various new features.

By making these new features available within the new desktop application, Microsoft aims to bring it inline with the functionality of Outlook online (aka OWA). These features, which can already be used in the online version, include the ability to:

• Schedule sending of emails
• Pin emails to the top of the inbox
• Snooze emails; moving the email from your inbox to the ‘Snoozed’ folder then back at a set time
• Join Teams meetings directly by clicking the meeting notification
• Synchronise rules and email signatures between the application and online
• Quickly attach documents stored in the cloud using @ followed by the file name
• Create a task list combining calendar events and selected emails in the ‘My Day’ view
• More easily add/use Google accounts and Google calendars
• Cancel a message for up to 10 seconds after clicking ‘Send’
• ‘Sweep’ messages to quickly clean up old emails
• Use integrated Microsoft Loop features (Microsoft’s new collaboration platform)

For Windows users, we recommend using the traditional Outlook desktop application for the time being – until full functionality for the new version has been rolled out. As the new version is currently in preview stage, some important features – including offline access – are not yet available and others are still in development. There have also been reports of bugs with commonly used features – such as accessing shared mailboxes and marking emails as read/unread – therefore we don’t deem the new version ‘ready to use’ quite yet.

We’re pleased to announce that we have achieved certification in Mailchimp Foundations, demonstrating our expertise in one of the leading online marketing platforms.

The certification recognises our skill with the Mailchimp platform, our expertise in creating optimised campaigns and our deep, up-to-date understanding of digital marketing.

We can provide organisations with tailored campaigns – our expertise also includes management of accounts and analysis of results to help you track the performance of your campaigns and use data-driven decisions to achieve your marketing objectives.

To learn more about our email marketing services, please get in touch.