Summary Governments and public authorities globally are requiring increased access to personal data of citizens in order to attempt to control and monitor the current spread of COVID-19. The pandemic is generally recognised by data protection authorities as giving rise to extraordinary circumstances, although in Europe at least there are still requirements for processing to … Read more

The GDPR came into effect almost a year ago on the 25 May 2018. As the most significant reform of data protection law in Europe for over 20 years, the legislation raised expectations of a cultural shift in attitude to data privacy. A year on from the fanfare of implementation, this bulletin looks at key … Read more

Connected autonomous vehicles (CAVs) are increasingly capable of creating, collecting and processing a wealth of data. However, in order for vehicle manufacturers and CAV stakeholders to access and extract the value in such data, they must do so lawfully. This is especially true in relation to personal data which is governed in the EU (and beyond) by the General Data Protection Regulation (GDPR). This post explores at a high level how CAV stakeholders can ensure compliance with the GDPR, particularly in relation to CAVs which process personal data of vehicle drivers, owners and pedestrians. Read more

The EDPB has published guidance on the ability of online service providers to rely on the fact that processing is necessary for the performance of a contract in order to legitimise their processing of personal data. Read more

The UK Government has published a new data-related Brexit statutory instrument clarifying the position with respect to transfers of personal data to the US in reliance on the EU-US Privacy Shield (the “Privacy Shield“) and in a no-deal Brexit scenario. Transfers to the US under the Privacy Shield are currently made pursuant to a special … Read more