Cookie Compliance: How can companies get it right when the regulator does not?

The UK privacy regulator has admitted that its own cookie consent process does not comply with the current GDPR and ePrivacy rules. According to the regulator, a new process will be implemented during the week beginning 24th June 2019, which could give organisations a valuable insight into how to navigate the complex interaction between the … Read more

Probing the rules on automated decision making: article published in Privacy and Data Protection Journal

The Privacy and Data Protection Journal has published an article by Duc Tran, Senior Associate from our Digital TMT, Sourcing & Data Team, exploring automated decision making under the General Data Protection Regulation (GDPR). In recent times, forward-thinking organisations have sought to automate and optimise the effectiveness and efficiency of their operations and decision making … Read more

European court to rule on validity of GDPR Standard Contractual Clauses

The long-running challenge to the so-called EU Standard Contractual Clauses and the EU-US Privacy Shield, both used to lawfully transfer personal data outside of Europe, is now going to be heard by the European Court of Justice (“ECJ“) after an attempt to block the referral was rejected by the Irish Supreme Court. The ECJ will … Read more

A royal curveball – using the GDPR in privacy disputes

You don't expect to see Prince Harry and the GDPR in the same sentence, but it was reported this week that the Duke of Sussex has settled High Court claims against the paparazzi agency Splash News (Splash), in a case which was based partly on breaches of the GDPR.The Duke of Sussex brought claims against Splash in relation to photographs taken of a house that he was renting. Whilst details of the relevant legal arguments have not been released, Splash's apology statement noted that "[t]his matter concerns a claim for misuse of private information, breaches of The Duke's right to privacy under Article 8 ECHR and breaches of the General Data Protection Regulation and Data Protection Act 2018." Read more

Driving Data Compliance

Connected autonomous vehicles (CAVs) are increasingly capable of creating, collecting and processing a wealth of data. However, in order for vehicle manufacturers and CAV stakeholders to access and extract the value in such data, they must do so lawfully. This is especially true in relation to personal data which is governed in the EU (and beyond) by the General Data Protection Regulation (GDPR). This post explores at a high level how CAV stakeholders can ensure compliance with the GDPR, particularly in relation to CAVs which process personal data of vehicle drivers, owners and pedestrians. Read more