Schrems II: Reaction from European Regulators and Technology Companies Suggest an Uncomfortable Road Ahead for Transatlantic Data Transfers

    To recap, last week, the European Court of Justice (“ECJ”) ruled that the Privacy Shield is invalid and placed significant emphasis on the due diligence which exporting controllers, recipients and supervisory authorities are expected to undertake in relation to transfers of personal data to third countries which are governed by the Standard Contractual Clauses (“SCCs”).  … Read more

    Data Class Actions: the threat to business

    Our Data Class Actions team has today published an article about the future of class actions in the August 2020 issue of PLC Magazine. The article first appeared in the August 2020 issue of PLC Magazine. The article follows the Supreme Court’s decision in Various Claimants v WM Morrison Supermarkets Plc (Morrisons) – the first … Read more

    UK SWITCHES TO DECENTRALISED APPROACH TO CONTACT TRACING APP

    In a move that marks a major U-turn for the Government, the UK’s proposals for a centralised contact tracing app have been abandoned in favour of a decentralised model. The new model is based on technology developed by Apple and Google and replaces the original app designed by NHSX, which recently has faced criticism due … Read more

    COVID-19: ICO OPINES ON APPLE AND GOOGLE’S CONTACT TRACING TECHNOLOGY (UK)

    On 17 April 2020, the ICO published an opinion by the Information Commissioner (the “Commissioner”) on Apple and Google’s joint initiative to develop COVID-19 contact tracing technology (the “Opinion”, available here). Summary The Commissioner found the CTF to be aligned with principles of data protection by design and by default. Controllers designing contact tracing apps … Read more

    COVID-19: ICO publishes details of its regulatory approach during COVID-19 (UK)

    The ICO has published details of its regulatory approach during the ongoing COVID-19 emergency; this is an approach which should reassure entities who are adapting to the economic and practical realities of operating in the current climate, as well as balancing their data protection obligations.  The UK regulator has continued to be reasonable and pragmatic, … Read more

    Revised ePrivacy Regulation Draft introduces ability for organisations to rely on “Legitimate Interests” legal basis in relation to cookies

    Another revised draft ePrivacy Regulation (“ePR”) was recently published which introduces the ability for organisations to rely on the “legitimate interests” legal basis to drop cookies on end users’ devices. This change has been criticised by some commentators for ambiguities and watering down data protection rights despite accompanying safeguards. It remains to be seen if … Read more

    COVID-19: SFC extends deadline for data storage compliance (Hong Kong)

    The Hong Kong Securities and Futures Commission (SFC) has extended its deadline for licensed corporations to confirm compliance with its new data storage regulations, due to the COVID-19 outbreak. On 31 March 2020, the SFC granted a six-month extension to the implementation deadline for aspects of its 31 October 2019 circular on the use of external electronic data storage … Read more