Data Protection

Data Protection Predictions 2019

2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation (“GDPR“) came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, Enforcement, ePrivacy, GDPR, Guidance, Uncategorized

UK Government note clarifies “no deal” and data protection

The UK Government has published a “no deal” note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance … Continue reading

Leave a Comment

Filed under Brexit, Contractual clauses, Data Protection, Extra-territoriality, GDPR, Guidance

Online advertisers face French data probe

Earlier this year, the French Competition Authority (“FCA“) published the results of its 2-year inquiry into the online advertising sector, identifying competition concerns in the sector. The inquiry concluded that two major global players hold “overwhelming” market power and generated … Continue reading

Leave a Comment

Filed under Data Protection, Data subject rights, Marketing

EDPB finally issues draft guidelines on GDPR extra-territoriality

On 23 November 2018, the European Data Protection Board (the “EDPB“) published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe’s data protection legislation. The guidelines are only in … Continue reading

Leave a Comment

Filed under Data Protection, Extra-territoriality, Guidance

Brexit Withdrawal Agreement: Impact for data protection

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, GDPR, Guidance

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Data subject rights, Enforcement, GDPR, News

Data protection if there’s no Brexit deal

On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a ‘no deal’ scenario (i.e. a scenario in which the UK leaves the EU without an agreement), … Continue reading

Leave a Comment

Filed under Brexit, Contractual clauses, Data Protection, Extra-territoriality, GDPR, Guidance

New reciprocal adequacy decision allows free flow of personal data between Japan and the EEA

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, Data subject rights, Extra-territoriality, GDPR

NIS Directive and Regulations now in force

The EU Network and Information Systems Directive (“NISD”) was required to be implemented into national law by 9 May 2018. The UK implementing regulations (the Network and Information Systems Regulations 2018) (“Regulations”) are now in force. The Regulations impose cyber … Continue reading

Leave a Comment

Filed under Cyber Security, Data Protection, National privacy law

Data breaches: new Article 29 Working Party guidance

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, GDPR, Guidance, National privacy law