- The Belgian Court of Appeal has asked the European Court of Justice for help interpreting the application of the GDPR's 'one stop shop'.
- The case will have important implications for all multi-national companies who have chosen a lead supervisory authority in Europe for GDPR purposes.
- The results of the case will either open or close the doors for regulators across Europe to cast aside the one stop shop when looking to enforce GDPR compliance in their home jurisdiction.
You don't expect to see Prince Harry and the GDPR in the same sentence, but it was reported this week that the Duke of Sussex has settled High Court claims against the paparazzi agency Splash News (Splash), in a case which was based partly on breaches of the GDPR.The Duke of Sussex brought claims against Splash in relation to photographs taken of a house that he was renting. Whilst details of the relevant legal arguments have not been released, Splash's apology statement noted that "[t]his matter concerns a claim for misuse of private information, breaches of The Duke's right to privacy under Article 8 ECHR and breaches of the General Data Protection Regulation and Data Protection Act 2018." Read more
On 14 May 2019, the EU Commission (“the Commission”) announced that it has opened a formal antitrust investigation into Insurance Ireland, an association of insurance companies active in Ireland (“Investigation”). The association administers a database (Insurance Link), to which its member companies contribute insurance claims data on an ongoing basis. Insurance Ireland makes this database … Read more
Connected autonomous vehicles (CAVs) are increasingly capable of creating, collecting and processing a wealth of data. However, in order for vehicle manufacturers and CAV stakeholders to access and extract the value in such data, they must do so lawfully. This is especially true in relation to personal data which is governed in the EU (and beyond) by the General Data Protection Regulation (GDPR). This post explores at a high level how CAV stakeholders can ensure compliance with the GDPR, particularly in relation to CAVs which process personal data of vehicle drivers, owners and pedestrians. Read more
The UK privacy regulator, the Information Commissioner's Office ("ICO") has recently found Her Majesty's Revenue and Customs ("HMRC") liable for a "significant" breach of the GDPR relating to the collection of consents with respect to biometric data. Read more
The EDPB has published guidance on the ability of online service providers to rely on the fact that processing is necessary for the performance of a contract in order to legitimise their processing of personal data. Read more
In our latest briefing we explore the key legal considerations for organisations looking to develop or reﬁne a data commercialisation strategy. Read more
The recent High Court judgment in Rudd v Bridle & J&S Bridle Ltd provides some useful guidance on subject access requests under the Data Protection Act 1998 (equally relevant to the new GDPR regime). Read more