Data protection

Snapshot

ICO publishes contact tracing guidance

Published on 02 November 2020. By David Cran, Head of IP and Tech

Read more
Snapshot

The EECC, the ePD and the GDPR – a complex interplay creating a breach notification nightmare for providers of communications services

Published on 02 November 2020. By Oliver Bray, Senior Partner

What impact will the implementation of the new Directive establishing the European Electronic Communications Code (2018/1972) (EECC) have on the scope and application of the ePrivacy Directive (2002/58/EC) (ePD) for providers of electronic communication services?

Read more
Snapshot

H&M hit with €35.3m fine for GDPR employee breach

Published on 02 November 2020. By Oliver Bray, Senior Partner

How did H&M’s internal data collection processes land it with the second largest fine in data breach history?

Read more
Snapshot

ICO publishes guidance on AI decision making

Published on 02 November 2020. By Oliver Bray, Senior Partner

How can companies comply with data regulation when using AI to make decisions affecting individuals?

Read more
Snapshot

Schrems II where next for data transfers

Published on 02 November 2020. By Oliver Bray, Senior Partner

Read more
Snapshot

Damages for distress for failing to verify personal data

Published on 02 November 2020. By Oliver Bray, Senior Partner

Read more
Snapshot

EU social media targeting guidelines – call for feedback

Published on 02 November 2020. By Oliver Bray, Senior Partner

Who are the key actors in the targeting of social media users, and what can they learn from the EU's new social media targeting guidelines?

Read more
Snapshot

EU Commission looks to new SCCs by the end of 2020

Published on 02 November 2020. By Oliver Bray, Senior Partner

Read more
Snapshot

DMA issues “Seven-Step Ad Tech Guide” in a bid to restore trust in online advertising

Published on 02 November 2020. By Oliver Bray, Senior Partner

What needs to be done by UK businesses actively engaged in the programmatic delivery of digital advertising to ensure they protect the rights of individuals?

Read more
Snapshot

Data regulation and oral communications

07 August 2020

David Scott v LGBT Foundation Ltd [2020] EWHC 483 (QB) (3 March 2020)

Read more
Snapshot

European Commission and EDPB lay out framework for privacy compliant contact tracing apps

07 August 2020

How do we balance the need for contact tracing with data protection regulation?

Read more
Snapshot

COVID-19 testing and monitoring in the workplace

07 August 2020

Can employers test and monitor employees during the COVID-19 pandemic?

Read more
Snapshot

ICO outlines priorities and regulatory approach during the coronavirus public health emergency

07 August 2020

How has the ICO reshaped its priorities for regulating UK data protection during COVID-19?

Read more
Snapshot

ICO issues guidance on artificial intelligence: explaining the “black box”

07 August 2020

What steps do businesses need to take to comply with the ICO’s new guidance on artificial intelligence?

Read more
Snapshot

Government publishes approach to post-Brexit trade deal with the EU

07 August 2020

What is the Government’s approach to a post-Brexit trade deal with the EU?

Read more
Snapshot

WM Morrison Supermarkets plc v Various Claimants – Supreme Court rules on vicarious liability for unlawful disclosure of personal data by rogue employee

07 August 2020

Can an employer be held vicariously liable for the actions of a rogue employee leaking data?

Read more
Snapshot

Ashley Judith Dawson-Damer v Taylor Wessing LLP – Court of Appeal rules on legal professional privilege and “relevant filing system” in subject access dispute

07 August 2020

Do paper files constitute a “relevant filing system” for the purposes of subject access requests (SARs)? Can legal professional privilege (LPP) be used to block a SAR made by a data subject that is owed a duty of “joint privilege” along with the lawyer’s primary client?

Read more
Snapshot

GDPR Codes of Conduct and Certification schemes – the ICO is “open for business”

07 August 2020

What is the ICO doing to make it easier for industry specific sectors to comply with GDPR? What is the benefit to businesses in adopting accredited codes of conduct?

Read more
Snapshot

Continuing the free flow of personal data between the EU and the UK post-Brexit: DCMS Explanatory Framework for adequacy discussions

07 August 2020

How might the Explanatory Framework recently published by the Department for Digital, Culture, Media & Sport (DCMS) assist with enabling the continued free flow of data between the EU and the UK post-Brexit and how might the UK Government’s approach to the COVID-19 pandemic affect this?

Read more
Snapshot

Cookie walls and scrolling – updated EDPB guidance

07 August 2020

Are cookie walls permissible? Can scrolling through a website constitute “consent”?

Read more
Snapshot

CJEU's CCTV ruling: guidance on legitimate interests processing

02 June 2020

Case C-708/18 TK v Asociaţia de Proprietari bloc M5A-ScaraA EU:C:2019:1064

Read more
Snapshot

EPDB guidelines: Data Protection by Design and by Default

02 June 2020

How familiar are you with the obligations in the GDPR to protect personal data by design and default (DPbDD)? And what practical measures can you take to help ensure compliance?

Read more
Snapshot

Schrems II - Advocate General's Opinion

02 June 2020

Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd

Read more
Snapshot

ICO issues monetary penalty notice against Cathay Pacific for data breach

02 June 2020

When is the ICO likely to impose its maximum fine for a data breach?

Read more
Snapshot

ICO monetary penalty notice against DSG Retail Ltd for data breach

02 June 2020

What factors did the ICO take into account when issuing the maximum £500,000 penalty (under the old Data Protection Act) against DSG for a data security breach relating to its Point of Sale (POS) payment terminals?

Read more
Snapshot

Adtech and the data protection debate - where next?

02 June 2020

How has the discussion surrounding the regulation of real-time bidding (RTB) evolved since the publishing of the ICO’s Adtech Update Report last June?

Read more
Snapshot

ICO consults on new direct marketing code of practice

02 June 2020

What is new about the ICO’s proposed new Direct Marketing Code of Practice (the New Code)?

Read more
Snapshot

Major finance, retail and media companies targeted in Irish “cookie” sweep

21 January 2020

How does the Irish Data Protection Commission (DPC) monitor whether websites are compliant with data protection law?

Read more
Snapshot

ICO guidance on the use of cookies and similar technologies

21 January 2020

Can implied consent be relied on for the use of cookies? Or, in the words of the ICO’s blog, “what does ‘good’ look like?”

Read more
Snapshot

CJEU rules out opt out consent for cookies

21 January 2020

Planet49 GmbH v Bundesverban der Vebraucherzentralen

Read more
Snapshot

Striking the balance between the RTBF and substantial public interest

21 January 2020

GC, AF, BH, ED v CNIL Case C-136/17 GC, AF, BH, ED v Commission nationale de l’informatique et des libertés (CNIL)

Read more
Snapshot

CJEU rules on the territorial scope of the “right to be forgotten”

21 January 2020

Google LLC v Commission Nationale de l'informatique et des Libertés (CNIL)

Read more
Snapshot

ICO revises guidance on timescales for responding to subject access requests

21 January 2020

How long does an organisation have to reply to a data subject access request (DSAR)?

Read more
Snapshot

ICO draft Data Sharing Code of Practice

21 January 2020

What changes does the Information Commissioner’s Office (ICO) plan to make to the Data Sharing Code of Practice?

Read more
Snapshot

Lawfulness of automated facial recognition

21 January 2020

R (Edward Bridges) v the Chief Constable of South Wales [2019] EWHC 2341 (Admin)

Read more
Snapshot

ECJ rules on Facebook “Like” button

07 November 2019

Does a Facebook “Like” button make a website operator a joint data controller?

Read more
Snapshot

New EDPB guidelines on processing personal data through video devices

07 November 2019

How does the GDPR apply to the use of video devices?

Read more
Snapshot

EE fined £100k for sending unsolicited marketing texts

07 November 2019

What happens when a customer service message also includes promotional material? Do the electronic marketing rules under the Privacy and Electronic Communications Regulations (PECR) kick in?

Read more
Snapshot

ICO issues record fine against British Airways

07 November 2019

What did it take for the ICO to issue its largest ever fine against British Airways?

Read more
Snapshot

ICO update on Adtech Real Time Bidding Report

07 November 2019

What can businesses do to minimise the regulatory risks of processing of personal data in relation to real time bidding (RTB)?

Read more
Snapshot

ICO: Age Appropriate Design Code for information society services

04 July 2019

What steps does the Information Commissioner’s Office (ICO) require to ensure adequate protection of children online?

Read more
Snapshot

HMRC issued enforcement notice by ICO for use of biometric data

04 July 2019

When is consent sufficient for collecting, processing and using biometric data?

Read more
Snapshot

Pensions company fined for unsolicited emails following inaccurate advice

04 July 2019

How far can you avoid culpability for a data marketing data breach on the grounds that you were given faulty legal advice or that a third party conducted the marketing campaign on your behalf?

Read more
Snapshot

Notifying data subjects of processing under the GDPR

04 July 2019

What are proportional measures to take when meeting the informational obligation imposed on data controllers?

Read more
Snapshot

PPI claims company fined £120,000 by the ICO for spam texts

04 July 2019

Will a data controller be held responsible where a third party acting on its behalf breaches data privacy laws?

Read more
Snapshot

European Data Protection Board issue guidelines on contractual processing for online services

04 July 2019

When is it appropriate for Information Society Services (ISSs) to process personal data on the basis that it is “necessary for the performance of a contract”?

Read more
Snapshot

Pre-ticked boxes and cookies consents: Planet49

04 July 2019

Is unticking a box sufficient to meet the consent requirements for the installation of cookies? Separately, can you agree to sharing your data with third parties in order to gain entry to a prize draw?

Read more
Snapshot

Video recordings and the journalistic exemption

08 April 2019

Does making a video recording on a digital camera constitute the processing of personal data? Can individuals benefit from the “journalistic exemption”?

Read more
Snapshot

ICO guidance on contracts and liabilities between controllers and processors

08 April 2019

What are the contractual liabilities and requirements of a data processor and a data controller under the GDPR?

Read more