Category: News

British Airways Data Breach: ICO announces potential £183 million ‘mega fine’

09 July, 2019

The ICO has published a notice of its intent to fine British Airways £183.39 million for its 2018 data breach where the personal data of 500,000 customers was stolen by hackers; This is the first ‘mega fine’ issued by a European data regulator since the implementation of the GDPR; The ICO acted as lead supervisory … Read more

Happy GDPR-versary! Herbert Smith Freehills reflections on a year of GDPR regulation

24 May, 2019

The GDPR came into effect almost a year ago on the 25 May 2018. As the most significant reform of data protection law in Europe for over 20 years, the legislation raised expectations of a cultural shift in attitude to data privacy. A year on from the fanfare of implementation, this bulletin looks at key … Read more

Latest twist in the Morrisons Case: Supreme Court grants Morrisons permission to appeal

23 April, 2019

On 15 April 2019, the Supreme Court granted supermarket chain Morrisons permission to appeal against the Court of Appeal ruling that it was vicariously liable for its employee’s misuse of data in the first successful UK class action for a data breach. Permission was granted on all grounds of appeal and the Supreme Court will … Read more

The German FCO/Facebook decision: implications for data privacy regulation

13 February, 2019

The German competition authority, the Federal Cartel Office (“FCO“) last week announced the results of its investigation into Facebook for a novel abuse of dominance involving consent for its data collection. Whilst the full decision is not yet public, the FCO has published a background paper here. In short, the FCO found that Facebook had … Read more

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

23 October, 2018

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; and (ii) the employee’s intention being to cause reputational or financial damage to Morrisons itself: … Read more

UK: Limits on employers’ ability to monitor private communications

19 September, 2017

The Grand Chamber of the European Court of Human Rights’ (ECtHR) ruling in Barbulescu v Romania (61496/08) is a timely reminder of the limits of employers’ ability to monitor their employees’ private activity on work IT systems. The case concerned an employee’s personal use of a Yahoo Messenger account set up at the employer’s request … Read more

Google DeepMind trial failed to comply with data protection law

08 July, 2017

On 3 July 2017 the Information Commissioner’s Office (“ICO“) determined that the Royal Free NHS Foundation Trust (the “Trust“) had breached the Data Protection Act 1998 (the “Act”) when it provided patient details to Google’s DeepMind. The Trust provided personal data of approximately 1.6 million patients to Google’s Deep Mind as part of clinical safety … Read more

Data notes

Filters

Filters

Categories

Type

Year