Data subject rights

Cyberattack on German Public Figures Leads To One of Germany’s Largest Data Breaches

Last week, it was announced that during December 2018 almost one thousand German public figures, including journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany’s largest data breaches. The leaked … Continue reading

Leave a Comment

Filed under Data breach, Data subject rights, Enforcement

Online advertisers face French data probe

Earlier this year, the French Competition Authority (“FCA“) published the results of its 2-year inquiry into the online advertising sector, identifying competition concerns in the sector. The inquiry concluded that two major global players hold “overwhelming” market power and generated … Continue reading

Leave a Comment

Filed under Data Protection, Data subject rights, Marketing

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Data subject rights, Enforcement, GDPR, News

New reciprocal adequacy decision allows free flow of personal data between Japan and the EEA

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, Data subject rights, Extra-territoriality, GDPR

The rise of the intelligent business: Spotlight on employers

This briefing is the second in our multi-disciplinary GDPR series which aims to help you successfully navigate the GDPR as 25 May 2018 approaches. Here we place the spotlight on key compliance considerations in the employment sphere. Data is ubiquitous … Continue reading

Leave a Comment

Filed under Data Protection, Data subject rights, GDPR

The GDPR: Practical European Guidance on personal data breach notification requirements

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, Data subject rights, GDPR

UK: Limits on employers’ ability to monitor private communications

The Grand Chamber of the European Court of Human Rights’ (ECtHR) ruling in Barbulescu v Romania (61496/08) is a timely reminder of the limits of employers’ ability to monitor their employees’ private activity on work IT systems. The case concerned … Continue reading

Leave a Comment

Filed under Data Protection, Data subject rights, IT and Technology, National privacy law, News

UK Government Position Paper on International Transfers of Data – Key Points

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves … Continue reading

Leave a Comment

Filed under Brexit, Cyber Security, Data Protection, Data subject rights, Disclosures, Extra-territoriality, GDPR

IPSO issues guidance on using material taken from social media

On 4 July 2017 the Independent Press Standards Organisation (the “IPSO“) published guidance for editors and journalists seeking advice on how the Editors’ Code of Practice applies to the use of material taken from social media to support or illustrate … Continue reading

Leave a Comment

Filed under Data Protection, Data subject rights

Google DeepMind trial failed to comply with data protection law

On 3 July 2017 the Information Commissioner’s Office (“ICO“) determined that the Royal Free NHS Foundation Trust (the “Trust“) had breached the Data Protection Act 1998 (the “Act”) when it provided patient details to Google’s DeepMind. The Trust provided personal … Continue reading

Leave a Comment

Filed under Data breach, Data Protection, Data subject rights, Enforcement, IT and Technology, News