Data protection

Snapshot

Data regulation and oral communications

07 August 2020

David Scott v LGBT Foundation Ltd [2020] EWHC 483 (QB) (3 March 2020)

Read more
Snapshot

European Commission and EDPB lay out framework for privacy compliant contact tracing apps

07 August 2020

How do we balance the need for contact tracing with data protection regulation?

Read more
Snapshot

COVID-19 testing and monitoring in the workplace

07 August 2020

Can employers test and monitor employees during the COVID-19 pandemic?

Read more
Snapshot

ICO outlines priorities and regulatory approach during the coronavirus public health emergency

07 August 2020

How has the ICO reshaped its priorities for regulating UK data protection during COVID-19?

Read more
Snapshot

ICO issues guidance on artificial intelligence: explaining the “black box”

07 August 2020

What steps do businesses need to take to comply with the ICO’s new guidance on artificial intelligence?

Read more
Snapshot

Government publishes approach to post-Brexit trade deal with the EU

07 August 2020

What is the Government’s approach to a post-Brexit trade deal with the EU?

Read more
Snapshot

WM Morrison Supermarkets plc v Various Claimants – Supreme Court rules on vicarious liability for unlawful disclosure of personal data by rogue employee

07 August 2020

Can an employer be held vicariously liable for the actions of a rogue employee leaking data?

Read more
Snapshot

Ashley Judith Dawson-Damer v Taylor Wessing LLP – Court of Appeal rules on legal professional privilege and “relevant filing system” in subject access dispute

07 August 2020

Do paper files constitute a “relevant filing system” for the purposes of subject access requests (SARs)? Can legal professional privilege (LPP) be used to block a SAR made by a data subject that is owed a duty of “joint privilege” along with the lawyer’s primary client?

Read more
Snapshot

GDPR Codes of Conduct and Certification schemes – the ICO is “open for business”

07 August 2020

What is the ICO doing to make it easier for industry specific sectors to comply with GDPR? What is the benefit to businesses in adopting accredited codes of conduct?

Read more
Snapshot

Continuing the free flow of personal data between the EU and the UK post-Brexit: DCMS Explanatory Framework for adequacy discussions

07 August 2020

How might the Explanatory Framework recently published by the Department for Digital, Culture, Media & Sport (DCMS) assist with enabling the continued free flow of data between the EU and the UK post-Brexit and how might the UK Government’s approach to the COVID-19 pandemic affect this?

Read more
Snapshot

Cookie walls and scrolling – updated EDPB guidance

07 August 2020

Are cookie walls permissible? Can scrolling through a website constitute “consent”?

Read more
Snapshot

CJEU's CCTV ruling: guidance on legitimate interests processing

02 June 2020

Case C-708/18 TK v Asociaţia de Proprietari bloc M5A-ScaraA EU:C:2019:1064

Read more
Snapshot

EPDB guidelines: Data Protection by Design and by Default

02 June 2020

How familiar are you with the obligations in the GDPR to protect personal data by design and default (DPbDD)? And what practical measures can you take to help ensure compliance?

Read more
Snapshot

Schrems II - Advocate General's Opinion

02 June 2020

Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd

Read more
Snapshot

ICO issues monetary penalty notice against Cathay Pacific for data breach

02 June 2020

When is the ICO likely to impose its maximum fine for a data breach?

Read more
Snapshot

ICO monetary penalty notice against DSG Retail Ltd for data breach

02 June 2020

What factors did the ICO take into account when issuing the maximum £500,000 penalty (under the old Data Protection Act) against DSG for a data security breach relating to its Point of Sale (POS) payment terminals?

Read more
Snapshot

Adtech and the data protection debate - where next?

02 June 2020

How has the discussion surrounding the regulation of real-time bidding (RTB) evolved since the publishing of the ICO’s Adtech Update Report last June?

Read more
Snapshot

ICO consults on new direct marketing code of practice

02 June 2020

What is new about the ICO’s proposed new Direct Marketing Code of Practice (the New Code)?

Read more
Snapshot

Major finance, retail and media companies targeted in Irish “cookie” sweep

21 January 2020

How does the Irish Data Protection Commission (DPC) monitor whether websites are compliant with data protection law?

Read more
Snapshot

ICO guidance on the use of cookies and similar technologies

21 January 2020

Can implied consent be relied on for the use of cookies? Or, in the words of the ICO’s blog, “what does ‘good’ look like?”

Read more
Snapshot

CJEU rules out opt out consent for cookies

21 January 2020

Planet49 GmbH v Bundesverban der Vebraucherzentralen

Read more
Snapshot

Striking the balance between the RTBF and substantial public interest

21 January 2020

GC, AF, BH, ED v CNIL Case C-136/17 GC, AF, BH, ED v Commission nationale de l’informatique et des libertés (CNIL)

Read more
Snapshot

CJEU rules on the territorial scope of the “right to be forgotten”

21 January 2020

Google LLC v Commission Nationale de l'informatique et des Libertés (CNIL)

Read more
Snapshot

ICO revises guidance on timescales for responding to subject access requests

21 January 2020

How long does an organisation have to reply to a data subject access request (DSAR)?

Read more
Snapshot

ICO draft Data Sharing Code of Practice

21 January 2020

What changes does the Information Commissioner’s Office (ICO) plan to make to the Data Sharing Code of Practice?

Read more
Snapshot

Lawfulness of automated facial recognition

21 January 2020

R (Edward Bridges) v the Chief Constable of South Wales [2019] EWHC 2341 (Admin)

Read more
Snapshot

ECJ rules on Facebook “Like” button

07 November 2019

Does a Facebook “Like” button make a website operator a joint data controller?

Read more
Snapshot

New EDPB guidelines on processing personal data through video devices

07 November 2019

How does the GDPR apply to the use of video devices?

Read more
Snapshot

EE fined £100k for sending unsolicited marketing texts

07 November 2019

What happens when a customer service message also includes promotional material? Do the electronic marketing rules under the Privacy and Electronic Communications Regulations (PECR) kick in?

Read more
Snapshot

ICO update on Adtech Real Time Bidding Report

07 November 2019

What can businesses do to minimise the regulatory risks of processing of personal data in relation to real time bidding (RTB)?

Read more
Snapshot

ICO issues record fine against British Airways

07 November 2019

What did it take for the ICO to issue its largest ever fine against British Airways?

Read more
Snapshot

Pensions company fined for unsolicited emails following inaccurate advice

04 July 2019

How far can you avoid culpability for a data marketing data breach on the grounds that you were given faulty legal advice or that a third party conducted the marketing campaign on your behalf?

Read more
Snapshot

PPI claims company fined £120,000 by the ICO for spam texts

04 July 2019

Will a data controller be held responsible where a third party acting on its behalf breaches data privacy laws?

Read more
Snapshot

HMRC issued enforcement notice by ICO for use of biometric data

04 July 2019

When is consent sufficient for collecting, processing and using biometric data?

Read more
Snapshot

ICO: Age Appropriate Design Code for information society services

04 July 2019

What steps does the Information Commissioner’s Office (ICO) require to ensure adequate protection of children online?

Read more
Snapshot

European Data Protection Board issue guidelines on contractual processing for online services

04 July 2019

When is it appropriate for Information Society Services (ISSs) to process personal data on the basis that it is “necessary for the performance of a contract”?

Read more
Snapshot

Pre-ticked boxes and cookies consents: Planet49

04 July 2019

Is unticking a box sufficient to meet the consent requirements for the installation of cookies? Separately, can you agree to sharing your data with third parties in order to gain entry to a prize draw?

Read more
Snapshot

Notifying data subjects of processing under the GDPR

04 July 2019

What are proportional measures to take when meeting the informational obligation imposed on data controllers?

Read more
Snapshot

ICO guidance on contracts and liabilities between controllers and processors

08 April 2019

What are the contractual liabilities and requirements of a data processor and a data controller under the GDPR?

Read more
Snapshot

European Data Protection Board launches consultation on the territorial scope of the GDPR

08 April 2019

When will processing by a data controller or data processor fall within the territorial remit of the GDPR?

Read more
Snapshot

Video recordings and the journalistic exemption

08 April 2019

Does making a video recording on a digital camera constitute the processing of personal data? Can individuals benefit from the “journalistic exemption”?

Read more
Snapshot

Does a Facebook Like button on your website make you a data controller?

08 April 2019

If the operator of a website embeds a third party plugin (such as the Facebook Like button), does this make it a joint data controller with Facebook?

Read more
Snapshot

ICO updates its guidance on data protection impact assessments

08 April 2019

When should a data controller conduct a Data Protection Impact Assessment (DPIA)?

Read more
Snapshot

ICO guidance on encryption and use of passwords in online services

08 April 2019

How can data controllers and processers improve their security measures?

Read more
Snapshot

Bupa fined for systemic data protection failures

20 December 2018

What if an employee goes rogue with your personal data? Will you be able to show effective oversight measures including monitoring of employee access to databases?

Read more
Snapshot

Equifax fined £500,000 for data breach of 15m UK customers

20 December 2018

Had Equifax taken adequate and effective measures to protect customer data?

Read more
Snapshot

"Google You Owe Us” class action blocked – Richard Lloyd v Google LLC

20 December 2018

Do you need to show relevant damage for a claim under the Data Protection Act 1998 (DPA)? Can a class action succeed if the members of the class cannot be readily ascertained or be said to share the same interest? Put another way, what are the restrictions on bringing an action for damages under the DPA?

Read more
Snapshot

ICO Calls for views on GDPR update to Direct Marketing Guide

20 December 2018

What should we expect from the ICO’s updated Direct Marketing Guide?

Read more
Snapshot

Ireland’s Data Protection Commission launches investigation into Facebook’s data breach

20 December 2018

On 28 September, Facebook disclosed that hackers had stolen keys that allowed them to access up to 50m user accounts with the potential for a further 40m which may have been compromised. The hack allowed the hackers to use the accounts as their own, reading and writing private messages and posts.

Read more