Category: Data subject rights

Latest twist in the Morrisons Case: Supreme Court grants Morrisons permission to appeal

April 23, 2019

On 15 April 2019, the Supreme Court granted supermarket chain Morrisons permission to appeal against the Court of Appeal ruling that it was vicariously liable for its employee's misuse of data in the first successful UK class action for a… Read more

GDPR fine in Poland gives important insight into the requirements of Article 14

April 11, 2019

Last week the Personal Data Protection Office ("UODO") in Poland issued a €220,000 fine to a digital marketing company for breaching its obligations under Article 14 of the GDPR (i.e. to provide a privacy notice to individuals). The decision has… Read more

Disinformation and ‘fake news’: Data implications of the Select Committee report

February 27, 2019

The revelations surrounding Cambridge Analytica's use of personal data and involvement with the Vote Leave campaign raised serious questions about the use of personal data in the EU referendum campaign and more widely by technology companies in general. The subsequent… Read more

The German FCO/Facebook decision: implications for data privacy regulation

February 13, 2019

The German competition authority, the Federal Cartel Office ("FCO") last week announced the results of its investigation into Facebook for a novel abuse of dominance involving consent for its data collection. Whilst the full decision is not yet public, the… Read more

Japan Adequacy Decision Adopted by the EU Commission

January 28, 2019

On 23 January 2019, the EU Commission adopted a decision confirming the adequacy of Japanese data protection laws for the purpose of transferring personal data from the EU to Japan in compliance with the international data transfer restrictions set out… Read more

Cyberattack on German Public Figures Leads To One of Germany’s Largest Data Breaches

January 10, 2019

Last week, it was announced that during December 2018 almost one thousand German public figures, including journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany's largest data breaches. The leaked… Read more

Online advertisers face French data probe

December 19, 2018

Earlier this year, the French Competition Authority ("FCA") published the results of its 2-year inquiry into the online advertising sector, identifying competition concerns in the sector. The inquiry concluded that two major global players hold "overwhelming" market power and generated… Read more

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

October 23, 2018

The Court of Appeal has today dismissed an appeal against the High Court's decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse;… Read more

New reciprocal adequacy decision allows free flow of personal data between Japan and the EEA

July 24, 2018

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on… Read more

The rise of the intelligent business: Spotlight on employers

January 11, 2018

This briefing is the second in our multi-disciplinary GDPR series which aims to help you successfully navigate the GDPR as 25 May 2018 approaches. Here we place the spotlight on key compliance considerations in the employment sphere. Data is ubiquitous… Read more

The GDPR: Practical European Guidance on personal data breach notification requirements

November 8, 2017

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will… Read more

UK: Limits on employers’ ability to monitor private communications

September 19, 2017

The Grand Chamber of the European Court of Human Rights’ (ECtHR) ruling in Barbulescu v Romania (61496/08) is a timely reminder of the limits of employers’ ability to monitor their employees’ private activity on work IT systems. The case concerned… Read more

UK Government Position Paper on International Transfers of Data – Key Points

August 30, 2017

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves… Read more

IPSO issues guidance on using material taken from social media

July 8, 2017

On 4 July 2017 the Independent Press Standards Organisation (the "IPSO") published guidance for editors and journalists seeking advice on how the Editors' Code of Practice applies to the use of material taken from social media to support or illustrate… Read more

Google DeepMind trial failed to comply with data protection law

July 8, 2017

On 3 July 2017 the Information Commissioner's Office ("ICO") determined that the Royal Free NHS Foundation Trust (the "Trust") had breached the Data Protection Act 1998 (the "Act") when it provided patient details to Google's DeepMind. The Trust provided personal… Read more

US Court Ruling Prohibits US Government Seizure of E-mails Stored Outside the United States

July 30, 2016

A federal appeals court handed a major win to Microsoft when it ruled that US authorities cannot compel US tech companies to disclose e-mail content that they store on servers located outside the United States. The case arises from Microsoft's… Read more

View more posts

Data notes

Filters