Implementation of the new EU standard contractual clauses and obligation to undertake a “TIA” – are you prepared?

The new EU standard contractual clauses (New EU SCCs) came into force on 27 September 2021 for the transfer of personal data from the EEA to third countries under the EU General Data Protection Regulation (EU 2016/679) (GDPR). The European Commission Implementing Decisions ((2001/497/EC) and (2010/87/EU)) which incorporated the previous standard contractual clauses (Old EU SCCs), were repealed on that day. Read more

Supreme Court finds claim for compensation under data protection legislation cannot proceed on “opt-out basis” in high profile Lloyd v Google case

In its judgment this morning the Supreme Court has overturned the Court of Appeal's decision in the high profile Lloyd v Google case, which would have opened the floodgates for class actions for compensation for loss of control of personal data to be brought on behalf of very large numbers of individuals without identifying class members: Lloyd v Google LLC [2021] UKSC 50. Read more

FLAG meeting: Ransomware and data class actions

Herbert Smith Freehills and the Federation Against Software Theft are delighted to invite you to our joint webinar on Wednesday 20 January 2021, where expert speakers from Herbert Smith Freehills will provide insights into the following topical issues: Ransomware: Ransomware attacks are on the increase and the impact in terms of disruption and damage to reputation … Read more

The other not so mega ‘mega fine’: ICO fines Marriott £18.4 million in relation to Starwood Hotel’s 2014 data breach

Summary The ICO has fined Marriott Inc (“Marriott”) £18.4 million in relation to a 2014 cyber-attack on Starwood Hotels. The ICO had previously issued a notice of its intention to fine Marriott £99.2 million. The Penalty Notice does not explain the reasons why the final fine is considerably lower than this amount. Following the ICO’s … Read more

Morrisons wins Supreme Court appeal against finding of vicarious liability in data breach class action

Today the Supreme Court handed down its decision in Wm Morrisons Supermarkets Plc v Various Claimants [2020] UKSC 12, bringing to its conclusion a case which had the potential to alter significantly the data protection and cyber security litigation and class action landscape. The headline news is that Morrisons has been found not to be vicariously liable for the … Read more

UK Government publishes results to the annual Cyber Security Breaches Survey

The Cyber Security Breaches Survey (“CSBS”) is an annual study of UK businesses and charities that began in 2015. The latest CSBS was conducted during the winter of 2019/2020 and the results published on 25 March 2020. The CSBS influences how the government shapes future policy, allows organisations to compare their cyber security with others … Read more