Data protection

Snapshot

ECJ rules on Facebook “Like” button

07 November 2019

Does a Facebook “Like” button make a website operator a joint data controller?

Read more
Snapshot

New EDPB guidelines on processing personal data through video devices

07 November 2019

How does the GDPR apply to the use of video devices?

Read more
Snapshot

EE fined £100k for sending unsolicited marketing texts

07 November 2019

What happens when a customer service message also includes promotional material? Do the electronic marketing rules under the Privacy and Electronic Communications Regulations (PECR) kick in?

Read more
Snapshot

ICO issues record fine against British Airways

07 November 2019

What did it take for the ICO to issue its largest ever fine against British Airways?

Read more
Snapshot

ICO update on Adtech Real Time Bidding Report

07 November 2019

What can businesses do to minimise the regulatory risks of processing of personal data in relation to real time bidding (RTB)?

Read more
Snapshot

Pensions company fined for unsolicited emails following inaccurate advice

04 July 2019

How far can you avoid culpability for a data marketing data breach on the grounds that you were given faulty legal advice or that a third party conducted the marketing campaign on your behalf?

Read more
Snapshot

PPI claims company fined £120,000 by the ICO for spam texts

04 July 2019

Will a data controller be held responsible where a third party acting on its behalf breaches data privacy laws?

Read more
Snapshot

HMRC issued enforcement notice by ICO for use of biometric data

04 July 2019

When is consent sufficient for collecting, processing and using biometric data?

Read more
Snapshot

ICO: Age Appropriate Design Code for information society services

04 July 2019

What steps does the Information Commissioner’s Office (ICO) require to ensure adequate protection of children online?

Read more
Snapshot

Pre-ticked boxes and cookies consents: Planet49

04 July 2019

Is unticking a box sufficient to meet the consent requirements for the installation of cookies? Separately, can you agree to sharing your data with third parties in order to gain entry to a prize draw?

Read more
Snapshot

European Data Protection Board issue guidelines on contractual processing for online services

04 July 2019

When is it appropriate for Information Society Services (ISSs) to process personal data on the basis that it is “necessary for the performance of a contract”?

Read more
Snapshot

Notifying data subjects of processing under the GDPR

04 July 2019

What are proportional measures to take when meeting the informational obligation imposed on data controllers?

Read more
Snapshot

ICO guidance on contracts and liabilities between controllers and processors

08 April 2019

What are the contractual liabilities and requirements of a data processor and a data controller under the GDPR?

Read more
Snapshot

European Data Protection Board launches consultation on the territorial scope of the GDPR

08 April 2019

When will processing by a data controller or data processor fall within the territorial remit of the GDPR?

Read more
Snapshot

ICO guidance on encryption and use of passwords in online services

08 April 2019

How can data controllers and processers improve their security measures?

Read more
Snapshot

ICO updates its guidance on data protection impact assessments

08 April 2019

When should a data controller conduct a Data Protection Impact Assessment (DPIA)?

Read more
Snapshot

Video recordings and the journalistic exemption

08 April 2019

Does making a video recording on a digital camera constitute the processing of personal data? Can individuals benefit from the “journalistic exemption”?

Read more
Snapshot

Does a Facebook Like button on your website make you a data controller?

08 April 2019

If the operator of a website embeds a third party plugin (such as the Facebook Like button), does this make it a joint data controller with Facebook?

Read more
Snapshot

Bupa fined for systemic data protection failures

20 December 2018

What if an employee goes rogue with your personal data? Will you be able to show effective oversight measures including monitoring of employee access to databases?

Read more
Snapshot

Equifax fined £500,000 for data breach of 15m UK customers

20 December 2018

Had Equifax taken adequate and effective measures to protect customer data?

Read more
Snapshot

"Google You Owe Us” class action blocked – Richard Lloyd v Google LLC

20 December 2018

Do you need to show relevant damage for a claim under the Data Protection Act 1998 (DPA)? Can a class action succeed if the members of the class cannot be readily ascertained or be said to share the same interest? Put another way, what are the restrictions on bringing an action for damages under the DPA?

Read more
Snapshot

Facebook ordered to reveal who requested deletion of deceased’s profile – Sabados v Facebook Ireland

20 December 2018

Where a social media company has completed a request from an unknown person to delete a deceased’s profile and refused to tell the deceased’s partner, can a Norwich Pharmacal order be used to disclose the identity?

Read more
Snapshot

ICO Calls for views on GDPR update to Direct Marketing Guide

20 December 2018

What should we expect from the ICO’s updated Direct Marketing Guide?

Read more
Snapshot

Ireland’s Data Protection Commission launches investigation into Facebook’s data breach

20 December 2018

On 28 September, Facebook disclosed that hackers had stolen keys that allowed them to access up to 50m user accounts with the potential for a further 40m which may have been compromised. The hack allowed the hackers to use the accounts as their own, reading and writing private messages and posts.

Read more
Snapshot

Six month imprisonment in first ICO computer misuse act prosecution

20 December 2018

Is the Information Commissioner’s Office (ICO) extending the scope and severity of its enforcement powers?

Read more
Snapshot

Various Claimants v WM Morrisons Supermarket PLC

20 December 2018

Can a business be held vicariously liable for the actions of an employee who deliberately breaches its data protection policies and data protection law?

Read more
Snapshot

What if there’s no Brexit deal?

20 December 2018

Where does a no deal scenario leave our obligations under EU data protection principles?

Read more
Snapshot

Yahoo! fined for failure to implement intra-group processing agreement

24 September 2018

With the arrival of the GDPR, the focus on third party data processing agreements and ensuring they have the relevant controls in place has never been more intense. But how much do businesses need to focus on their intra-group processing agreements?

Read more
Snapshot

European Parliament calls for suspension of Privacy Shield

24 September 2018

Is the EU-US Privacy Shield in danger?

Read more
Snapshot

Media reporting restricted after Sir Cliff Richard decision

24 September 2018

In what instances can journalists name the suspect of a police investigation? Do such suspects have a "reasonable expectation of privacy"?

Read more
Snapshot

UK's data retention powers incompatible with EU Law

09 August 2018

Are the UK security services' data retention powers compatible with the new privacy regime under EU Law?

Read more
Snapshot

Administrator of Facebook fan page held to be data controller

09 August 2018

Is the administrator of a fan page on Facebook a "controller" for the purposes of the Data Protection Directive (95/46/EC) (DPD)?

Read more
Snapshot

Fine for theft of employer’s personal data

09 August 2018

Can departing employees be fined for stealing their employer's personal data? Even if the theft is relatively "minor"?

Read more
Snapshot

ICO draft guidance: Data Protection Impact Assessments

09 August 2018

When and how should a data controller conduct a Data Protection Impact Assessment (DPIA) under the GDPR?

Read more
Snapshot

ICO draft guidance: legitimate interests as a lawful basis for processing

09 August 2018

The GDPR significantly alters the balance of obligations, responsibilities and liabilities for controllers and processors of data. It mandates that a processor must have a lawful basis for the processing of data. However There are some impactful changes, particularly when looking to rely on legitimate interests as the lawful basis upon which a processor intends to process data.

Read more
Snapshot

The new data protection fee

09 August 2018

From 25 May 2018, as part of the revamp by the General Data Protection Regulation (GDPR), the Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations) came into force. Amongst other things, these regulations change the way the ICO fund their data protection work.

Read more
Snapshot

ICO guidance: “consent is not the silver bullet for GDPR compliance”

09 August 2018

The ICO reiterated that organisations do not necessarily need to obtain fresh consent from all of their customers in order to comply with GDPR.

Read more
Snapshot

WP29 revised guidelines: personal data breach notification

09 August 2018

When should a data controller or processor notify a personal data breach?

Read more
Snapshot

Article 29 Working Party publishes guidelines on data breach notifications under the GDPR

11 April 2018

What data notification procedures should data controllers and processors have in place by 25 May 2018?

Read more
Snapshot

Article 29 Working Party adopts guidelines on Data Protection Impact Assessments

11 April 2018

When should a data controller conduct a Data Protection Impact Assessment (DPIA)?

Read more
Snapshot

Article 29 Working Party publishes draft guidelines on transparency under the GDPR

11 April 2018

In accordance with the GDPR's new obligation of transparency, what do the WP29 draft guidelines suggest you put in your organisation's privacy policy and other privacy notices?

Read more
Snapshot

Article 29 Working Party publishes guidelines on consent under the GDPR

11 April 2018

What exactly are the higher standards of consent under the GDPR?

Read more
Snapshot

Court of Appeal declares the Data Retention and Investigatory Powers Act 2014 unlawful

11 April 2018

Is section 1 of the Data Retention and Investigatory Powers Act 2014 (DRIPA) inconsistent with EU law?

Read more
Snapshot

ICO fines Carphone Warehouse £400,000 following systemic data failures

11 April 2018

Need an example of how not to protect your customers' and employees' data? Then, read on!

Read more
Snapshot

ICO publishes draft guidance on children and the GDPR

11 April 2018

What extra requirements must be met when processing the personal data of a child under the GDPR?

Read more
Snapshot

Vicarious liability for deliberate data breaches

11 April 2018

Can a business be held vicariously liable for the actions of an employee who deliberately breaches its employer's data protection policies and data protection law?

Read more
Snapshot

Updates to the draft ePrivacy Regulation

18 December 2017

On 19 October 2017, the European Parliament approved a revised draft of the ePrivacy Regulation. Though still subject to negotiation, it introduces a number of important changes, and deserves careful study by every online communications business.

Read more
Snapshot

Are Model Contract Clauses (or “Standard Contract Clauses” – SSCs) valid under EU data protection law?

18 December 2017

Irish High Court asks CJEU to rule on validity of Model Contract Clauses (Schrems II)

Read more
Snapshot

ICO issues TalkTalk monetary penalty notice for £100,000

18 December 2017

On 7 August 2017, the Information Commissioner’s Office fined TalkTalk £100,000 after an investigation found that it had failed to take adequate security measures to protect customer data from unauthorised access via web-based portal.

Read more
Snapshot

ICO issues draft guidance on contracts between data controllers and data processors

18 December 2017

What must be included within a contract between a data controller and a data processor to ensure compliance with the General Data Protection Regulation (GDPR)?

Read more