The revelations surrounding Cambridge Analytica's use of personal data and involvement with the Vote Leave campaign raised serious questions about the use of personal data in the EU referendum campaign and more widely by technology companies in general. The subsequent… Read more

As we all continue to try to grapple with the implications of a no-deal Brexit, the last week or two has seen the publication of a few things of interest from a data protection perspective: The EDPB's view of data… Read more

The German competition authority, the Federal Cartel Office ("FCO") last week announced the results of its investigation into Facebook for a novel abuse of dominance involving consent for its data collection. Whilst the full decision is not yet public, the… Read more

Miriam Everett, Head of the Data Protection and Privacy group at Herbert Smith Freehills, has been working with the LexisNexis Data Protection Intelligence Group to publish a paper on Brexit and international personal data transfers: Practical approaches for the private sector… Read more

January 28th is International Data Privacy Day, which is celebrated internationally each year. It exists to promote awareness about the importance of respecting privacy, safeguarding data and enabling trust. ... Read more

On 23 January 2019, the EU Commission adopted a decision confirming the adequacy of Japanese data protection laws for the purpose of transferring personal data from the EU to Japan in compliance with the international data transfer restrictions set out… Read more

Last week, it was announced that during December 2018 almost one thousand German public figures, including journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany's largest data breaches. The leaked… Read more

2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation ("GDPR") came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for… Read more

The UK Government has published a "no deal" note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance… Read more

The UK Government recently launched a Call for Views on its Initial National Cyber Security Skills Strategy. The closing date for stakeholder responses is 1 March 2019, with the final strategy document expected to be published late in 2019. ... Read more

Earlier this year, the French Competition Authority ("FCA") published the results of its 2-year inquiry into the online advertising sector, identifying competition concerns in the sector. The inquiry concluded that two major global players hold "overwhelming" market power and generated… Read more

The Mirai malware gained its infamy in October 2016 following its record breaking attack on systems operated by domain name system provider Dyn, using unsecured Internet of Things ("IoT") enabled "smart" devices (such as CCTV recorders, webcams and routers). It… Read more

On 23 November 2018, the European Data Protection Board (the "EDPB") published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe's data protection legislation. The guidelines are only in… Read more

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal… Read more

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been… Read more

The Court of Appeal has today dismissed an appeal against the High Court's decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse;… Read more

On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a 'no deal' scenario (i.e. a scenario in which the UK leaves the EU without an agreement),… Read more

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on… Read more

In the cases of Clarkson Plc v Person(s) Unknown (“Clarkson”) and PML v Person(s) unknown (“PML”), the court has created a new tool in the fight against cyber attackers. The defendants who are unknown person(s) gained unauthorised access to the… Read more

The EU Network and Information Systems Directive (“NISD”) was required to be implemented into national law by 9 May 2018. The UK implementing regulations (the Network and Information Systems Regulations 2018) (“Regulations”) are now in force. The Regulations impose cyber… Read more

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article… Read more

In light of the booming market of the Internet of Things (“IoT”) and of the General Data Protection Regulation (“GDPR”), the Information Commissioner’s Office (“ICO”) has published an article focusing on the key factors manufacturers and retailers of IoT devices… Read more

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but… Read more

With increased outsourcing to the cloud or other third party external service providers and an increasingly complex supply chain for businesses, modern strategies for leveraging data can bring significant business efficiencies, competitive edge and growth opportunities, but also a range… Read more

Cyber security remains in the public eye with multiple incidents and vulnerabilities reported affecting telecoms companies. Telecoms companies need to continue to focus on the risks and consider updating their pro-active defence and cyber security response plans to reflect the… Read more

We are living in an increasingly inter-connected digital society where the services of many organisations are global in nature, and yet internet activities are still being tackled by national laws and regulations. The online world does not respect physical or… Read more

Described by some as the “new oil” for the digital economy, there is no doubt that data are now seen as critical for organisations to succeed. Data are a powerful and lucrative fuel for productivity. If not adequately protected, data… Read more

This briefing is the second in our multi-disciplinary GDPR series which aims to help you successfully navigate the GDPR as 25 May 2018 approaches. Here we place the spotlight on key compliance considerations in the employment sphere. Data is ubiquitous… Read more

The Department of Health published its Review of Data Security, Consent and Opt-Outs (the “Review”) earlier this year. Incidents such as WannaCry (refer to article above for more detail) have created awareness of the ease and speed with which cyber-attacks… Read more

Following its Second Reading in the House of Lords, on 22 November 2017 the draft Data Protection Bill (the “Bill”) passed the Committee Stage and will next be considered at the Report Stage on 11 December 2017. The Bill was… Read more